CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-30166
https://notcve.org/view.php?id=CVE-2024-30166
In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello. • https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0 https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-50313 – IBM WebSphere Application Server information disclosure
https://notcve.org/view.php?id=CVE-2023-50313
IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274812. IBM WebSphere Application Server 8.5 y 9.0 podría proporcionar una seguridad más débil de lo esperado para las conexiones TLS salientes causadas por una falla al respetar la configuración del usuario. ID de IBM X-Force: 274812. • https://exchange.xforce.ibmcloud.com/vulnerabilities/274812 https://www.ibm.com/support/pages/node/7145620 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-51456
https://notcve.org/view.php?id=CVE-2023-51456
A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51456 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-51455
https://notcve.org/view.php?id=CVE-2023-51455
A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51455 • CWE-129: Improper Validation of Array Index •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-51454
https://notcve.org/view.php?id=CVE-2023-51454
A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51454 • CWE-787: Out-of-bounds Write •