CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-27410
https://notcve.org/view.php?id=CVE-2021-27410
The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00). El producto afectado es vulnerable a una escritura fuera de límites, lo que puede resultar en una corrupción de datos o una ejecución de código de Welch Allyn medical device management tools (Welch Allyn Service Tool: versiones anteriores a v1.10, Welch Allyn Connex Device Integration Suite - Network Connectivity Engine (NCE): versiones anteriores a v5.3, Welch Allyn Software Development Kit (SDK): versiones anteriores a v3.2, Welch Allyn Connex Central Station (CS): versiones anteriores a v1. 8.6, Welch Allyn Service Monitor: versiones anteriores a v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versiones anteriores a v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versiones anteriores a v2. 43.02, Welch Allyn Connex Spot Monitor (CSM): versiones anteriores a v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versiones anteriores a v1.11.00) • https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-27408
https://notcve.org/view.php?id=CVE-2021-27408
The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00). El producto afectado es vulnerable a una lectura fuera de límites, lo que puede causar un filtrado de información que conlleve una ejecución de código arbitrario si se encadena con la vulnerabilidad de escritura fuera de límites de Welch Allyn medical device management tools (Welch Allyn Service Tool: versiones anteriores a v1.10, Welch Allyn Connex Device Integration Suite - Network Connectivity Engine (NCE): versiones anteriores a v5.3, Welch Allyn Software Development Kit (SDK): versiones anteriores a v3. 2, Welch Allyn Connex Central Station (CS): versiones anteriores a v1.8.6, Welch Allyn Service Monitor: versiones anteriores a v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versiones anteriores a v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versiones anteriores a v2. 43.02, Welch Allyn Connex Spot Monitor (CSM): versiones anteriores a v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versiones anteriores a v1.11.00) • https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-17518
https://notcve.org/view.php?id=CVE-2019-17518
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock. La implementación de Bluetooth Low Energy en Dialog Semiconductor SDK versiones hasta 1.0.14.1081, para dispositivos DA1468x responde a los paquetes de capa de enlace con una longitud de carga útil mayor a la esperada, permitiendo a atacantes dentro del radio de alcance causar un desbordamiento del búfer por medio de un paquete diseñado. Esto afecta, por ejemplo, a August Smart Lock. • https://asset-group.github.io/disclosures/sweyntooth https://www.dialog-semiconductor.com/ja/products/connectivity/bluetooth-low-energy/smartbond-da14680-and-da14681 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2019-17517
https://notcve.org/view.php?id=CVE-2019-17517
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet. La implementación de Bluetooth Low Energy en Dialog Semiconductor SDK versiones hasta 5.0.4 para dispositivos DA14580/1/2/3 no restringe apropiadamente la longitud de la carga útil L2CAP, permitiendo a atacantes dentro del radio de alcance causar un desbordamiento del búfer por medio de un paquete de Capa de Enlace diseñado. • https://asset-group.github.io/disclosures/sweyntooth https://www.dialog-semiconductor.com/products/connectivity/bluetooth-low-energy/smartbond-da14580-and-da14583 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5729
https://notcve.org/view.php?id=CVE-2019-5729
Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. Splunk-SDK-Python, en versiones anteriores a la 1.6.6, no verifica correctamente los certificados TLS no fiables del servidor, lo que podría resultar en ataques de Man-in-the-Middle (MitM) • https://www.splunk.com/view/SP-CAAAQAD • CWE-295: Improper Certificate Validation •