CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-51455
https://notcve.org/view.php?id=CVE-2023-51455
A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51455 • CWE-129: Improper Validation of Array Index •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-51454
https://notcve.org/view.php?id=CVE-2023-51454
A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51454 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1CVE-2024-3160 – Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure
https://notcve.org/view.php?id=CVE-2024-3160
The manipulation leads to information disclosure. ... NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user. ** EN DISPUTA ** Se ha encontrado una vulnerabilidad clasificada como problemática en Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 y HDCVI 1016 hasta 20240401. ... Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://github.com/netsecfish/intelbras_cap_js https://vuldb.com/?ctiid.258933 https://vuldb.com/?id.258933 https://vuldb.com/?submit.305410 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33111 – Improper Validation of Array Index in Audio
https://notcve.org/view.php?id=CVE-2023-33111
Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html • CWE-129: Improper Validation of Array Index •
CVSS: 5.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-3130 – Insecure Data Storage leading to sensitive Information disclosure.
https://notcve.org/view.php?id=CVE-2024-3130
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app Las credenciales codificadas en la aplicación CoolKit eWeLlink son anteriores a 5.4.x en Android e IOS, lo que permite a un atacante local acceder no autorizado a datos confidenciales a través del algoritmo de descifrado y la clave obtenida después de descompilar la aplicación. • https://ewelink.cc/security-advisories-and-notices • CWE-798: Use of Hard-coded Credentials •