VU#706695: Checkbox Survey insecurely deserializes ASP.NET View State data
Overview: Checkbox Survey prior to version 7.0 insecurely deserializes ASP.NET View State data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable...

VU#383432: Microsoft Windows Print Spooler allows for RCE via...
Overview: The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to...

VU#131152: Microsoft Windows Print Spooler Point and Print allows...
Overview: Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print. Printers installed via this technique also install queue-specific files, which can be...

VU#506989: Microsoft Windows 10 gives unprivileged user access to...
Overview: Multiple versions of Windows 10 grant non-administrative users read access to files in the %windir%\system32\config directory. This can allow for local privilege escalation...

VU#914124: Arcadyan-based routers and modems vulnerable to authentication bypass
Overview: A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan-based software. This vulnerability allows an unauthenticated user access to sensitive...

VU#405600: Microsoft Windows Active Directory Certificate Services can allow...
Overview: Microsoft Windows Active Directory Certificate Services (AD CS) by default can be used as a target for NTLM relay attacks, which can allow a domain-joined computer to take over the entire...

VU#357312: HTTP Request Smuggling in Web Proxies
Overview: HTTP web proxies and web accelerators that support HTTP/2 for an HTTP/1.1 backend webserver are vulnerable to HTTP Request Smuggling.
Description: The affected systems allow invalid characters...

VU#608209: NicheStack embedded TCP/IP has vulnerabilities
Overview: HCC Embedded's software called InterNiche stack (NicheStack) and NicheLite, which provides TCP/IP networking capability to embedded systems, is impacted by multiple vulnerabilities. The...

VU#883754: Salesforce DX command line interface (CLI) does not adequately...
Overview: The default security configuration in Salesforce allows an authenticated user with the Salesforce-CLI to create a URL that will allow anyone, anywhere access to the Salesforce GUI with the same...

VU#999008: Compilers permit Unicode control and homoglyph characters
Overview: Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the researchers in this report, leverage text encoding that may cause source code to be interpreted...

VU#930724: Apache Log4j allows insecure JNDI lookups
Overview: Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA...

VU#692873: Saviynt Enterprise Identity Cloud vulnerable to local user...
Overview: Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in the local password reset feature. Together, these vulnerabilities could allow a remote,...

VU#142629: Silicon Labs Z-Wave chipsets contain multiple vulnerabilities
Overview: Various Silicon Labs Z-Wave chipsets do not support encryption, can be downgraded to not use weaker encryption, and are vulnerable to denial of service. Some of these vulnerabilities are...

VU#287178: McAfee Agent for Windows is vulnerable to privilege escalation due...
Overview: McAfee Agent contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user may be able to place...

VU#119678: Samba vfs_fruit module insecurely handles extended file attributes
Overview: The Samba vfs_fruit module allows out-of-bounds heap read and write via extended file attributes (CVE-2021-44142). This vulnerability allows a remote attacker to execute arbitrary code with...

VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM
Overview: The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).
Description: UEFI software provides...

VU#229438: Mobile device monitoring services do not authenticate API requests
Overview: The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference)...

VU#383864: Visual Voice Mail (VVM) services transmit unencrypted credentials...
Overview: Visual Voice Mail (VVM) services transmit unencrypted credentials via SMS. An attacker with the ability to read SMS messages can obtain VVM IMAP credentials and gain access to VVM...

VU#970766: Spring Framework insecurely handles PropertyDescriptor objects...
Overview: The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description: The Spring...

VU#411271: Qt allows for privilege escalation due to hard-coding of...
Overview: Prior to version 5.14, Qt hard-codes the qt_prfxpath value to a fixed value, which may lead to privilege escalation vulnerabilities in Windows software that uses Qt.
Description: Prior to version...