CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-51455
https://notcve.org/view.php?id=CVE-2023-51455
A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51455 • CWE-129: Improper Validation of Array Index •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-51454
https://notcve.org/view.php?id=CVE-2023-51454
A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51454 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-3160 – Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure
https://notcve.org/view.php?id=CVE-2024-3160
The manipulation leads to information disclosure. ... Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/netsecfish/intelbras_cap_js https://vuldb.com/?ctiid.258933 https://vuldb.com/?id.258933 https://vuldb.com/?submit.305410 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33111 – Improper Validation of Array Index in Audio
https://notcve.org/view.php?id=CVE-2023-33111
Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html • CWE-129: Improper Validation of Array Index •
CVSS: 5.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-3130 – Insecure Data Storage leading to sensitive Information disclosure.
https://notcve.org/view.php?id=CVE-2024-3130
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app Las credenciales codificadas en la aplicación CoolKit eWeLlink son anteriores a 5.4.x en Android e IOS, lo que permite a un atacante local acceder no autorizado a datos confidenciales a través del algoritmo de descifrado y la clave obtenida después de descompilar la aplicación. • https://ewelink.cc/security-advisories-and-notices • CWE-798: Use of Hard-coded Credentials •