Overview HCC Embedded’s software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The Forescout and JFrog...
Read MoreOverview HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver are vulnerable to HTTP Request Smuggling. Description The affected systems allow invalid characters such as carriage return and...
Read MoreOverview Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a target for NTLM relay attacks, which can allow a domain-joined computer to take over the entire Active Directory. Description...
Read MoreOverview A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for...
Read MoreOverview Starting with Windows 10 build 1809, non-administrative users are granted access to SAM, SYSTEM, and SECURITY files. This can allow for local privilege escalation (LPE). Description Starting with Windows 10 build 1809,...
Read MoreOverview Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print. Printers installed via this technique also install queue-specific files, which can be arbitrary libraries to be...
Read MoreOverview The Microsoft Windows Print Spooler service fails to restrict access to the RpcAddPrinterDriverEx() function, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a...
Read MoreOverview Checkbox Survey prior to version 7.0 insecurely deserializes ASP.NET View State data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable server. Description CVE-2021-27852...
Read MoreOverview Pulse Connect Secure (PCS) gateway contains a buffer overflow vulnerability in Samba-related code that may allow an authenticated remote attacker to execute arbitrary code. Description CVE-2021-22908 PCS includes the...
Read MoreOverview Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure that could allow an attacker to impersonate a legitimate device during pairing. Description...
Read MoreOverview MySQL for Windows contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files. Description CVE-2021-2307 MySQL...
Read MoreOverview Pulse Connect Secure (PCS) gateway contains a vulnerability that can allow an unauthenticated remote attacker to execute arbitrary code. Description CVE-2021-22893 An unspecified vulnerability exposed by the Windows...
Read More