Lucene search
K

116 matches found

CVE
CVE
added 2021/08/19 11:9 a.m.61 views

CVE-2021-36762

CVE-2021-36762 affects HCC Embedded InterNiche NicheStack and NicheLite up to version 4.3. The tfshnd():tftpsrv.c TFTP packet processing function may read beyond the protocol buffer when a filename isn’t properly NULL-terminated, enabling out-of-bounds reads and potential DoS. Impact is described...

7.8CVSS7.9AI score0.023EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/08/19 11:9 a.m.22 views

CVE-2021-36762

An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd:tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet...

8.2AI score0.023EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/08/19 11:4 a.m.31 views

CVE-2021-27565

The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of service infinite loop and networking outage via an unexpected valid HTTP request such as OPTIONS. This occurs because the HTTP request handler enters a miscoded wbsloop debugger hook...

8AI score0.02588EPSS
Exploits0References4
CVE
CVE
added 2021/08/19 11:4 a.m.75 views

CVE-2021-27565

The CVE-2021-27565 entry affects HCC Embedded’s InterNiche/NicheStack TCP/IP stack (and NicheLite) prior to version 4.3. The issue is an HTTP request handling bug in the stack that can trigger an infinite loop via a valid but unexpected request (e.g., OPTIONS), causing a denial of service by disr...

7.5CVSS7.7AI score0.02588EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/08/19 10:52 a.m.68 views

CVE-2021-31400

CVE-2021-31400 affects HCC Embedded InterNiche/NicheStack TCP/IP stack (in tcp_pulloutofband() in tcp_in.c, 4.0.1) where out-of-band urgent data handling may call a panic, potentially causing an infinite loop and DoS. Public sources (NVD, Red Hat CVE page, CERT/ICS, ENISA ENISA, and ICSA Update B...

7.5CVSS7.8AI score0.01493EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/19 10:52 a.m.22 views

CVE-2021-31400

An issue was discovered in tcppulloutofband in tcpin.c in HCC embedded InterNiche 4.0.1. The TCP out-of-band urgent-data processing function invokes a panic function if the pointer to the end of the out-of-band data points outside of the TCP segment's data. If the panic function hadn't a trap...

8.1AI score0.01493EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/19 10:51 a.m.17 views

CVE-2021-31228

An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...

8.1AI score0.0127EPSS
Exploits0References2
CVE
CVE
added 2021/08/19 10:51 a.m.78 views

CVE-2021-31228

CVE-2021-31228 is a vulnerability in HCC Embedded’s InterNiche/NicheStack TCP/IP stack. The issue allows an attacker to predict the DNS query source port, enabling forged DNS responses to be accepted as valid by a DNS client (without needing to sniff the specific query). The Common details indica...

7.5CVSS7.8AI score0.0127EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/19 10:50 a.m.39 views

CVE-2021-31227

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...

8.4AI score0.01675EPSS
Exploits0References2
CVE
CVE
added 2021/08/19 10:50 a.m.74 views

CVE-2021-31227

CVE-2021-31227 affects HCC Embedded InterNiche/NicheStack. It is a heap-buffer-overflow in the HTTP POST parsing path (wbs_multidata) caused by an incorrect signed-integer comparison. Exploitation requires sending a malformed HTTP packet with a negative Content-Length, bypassing size checks and t...

7.5CVSS8.2AI score0.01675EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/19 10:48 a.m.26 views

CVE-2021-31226

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...

9.8AI score0.03155EPSS
Exploits0References2
CVE
CVE
added 2021/08/19 10:48 a.m.68 views

CVE-2021-31226

CVE-2021-31226 affects HCC Embedded InterNiche/NicheStack (4.0.1) and is caused by a lack of input size validation in the HTTP POST parser, leading to a heap buffer overflow in wbs_post() via strcpy() when a crafted URI longer than 50 bytes is sent. Red Hat/RedHat CVE entries corroborate a heap o...

9.8CVSS9.5AI score0.03155EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/08/18 7:15 p.m.24 views

CVE-2020-25928

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...

9.8CVSS0.03627EPSS
Exploits0References2
NVD
NVD
added 2021/08/18 7:15 p.m.19 views

CVE-2020-25926

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...

7.5CVSS0.01262EPSS
Exploits0References2
OSV
OSV
added 2021/08/18 7:15 p.m.3 views

CVE-2020-25928

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...

9.8CVSS6.1AI score0.03627EPSS
Exploits0References2
OSV
OSV
added 2021/08/18 7:15 p.m.5 views

CVE-2020-25927

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...

7.5CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2021/08/18 7:15 p.m.8 views

CVE-2020-25927

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...

7.5CVSS0.0227EPSS
Exploits0References3
Prion
Prion
added 2021/08/18 7:15 p.m.13 views

Design/Logic Flaw

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...

5CVSS8.4AI score0.0227EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/08/18 7:15 p.m.28 views

Remote code execution

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...

7.5CVSS9.8AI score0.03627EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/08/18 7:15 p.m.21 views

Design/Logic Flaw

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...

5CVSS8.6AI score0.01262EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder