CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4020 – Unvalidated input in Silicon Labs PSA Attestation service leads to secure memory access from non-secure memory
https://notcve.org/view.php?id=CVE-2023-4020
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. Una entrada no validada en una función de librería responsable de la comunicación entre la memoria segura y no segura en la implementación TrustZone de Silicon Labs permite la lectura/escritura de la memoria en la región segura de la memoria desde la región no segura de la memoria. • https://community.silabs.com/069Vm0000004b95IAA https://github.com/SiliconLabs/gecko_sdk/releases • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-24585
https://notcve.org/view.php?id=CVE-2023-24585
An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Existe una vulnerabilidad de escritura fuera de los límites en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar daños en la memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-25181
https://notcve.org/view.php?id=CVE-2023-25181
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un conjunto de paquetes de red especialmente manipulado puede provocar la ejecución de código arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1726 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-28391
https://notcve.org/view.php?id=CVE-2023-28391
A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de análisis de encabezados de HTTP Server de Weston Embedded uC-HTTP v3.01.01. Los paquetes de red especialmente manipulados pueden conducir a la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1732 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-27882
https://notcve.org/view.php?id=CVE-2023-27882
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad de límite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1733 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •