CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-28379
https://notcve.org/view.php?id=CVE-2023-28379
A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de límite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1738 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-31247
https://notcve.org/view.php?id=CVE-2023-31247
A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de análisis de encabezados de HTTP Server Host de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1746 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-3024 – Bluetooth LE segmented 'prepare write response' packet may lead to out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2023-3024
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. Obligar a la pila Bluetooth LE a segmentar paquetes de "prepare write response" puede provocar un acceso a la memoria fuera de los límites. • https://github.com/SiliconLabs/gecko_sdk https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ViQvHQAV/?operationContext=S1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3488 – Uninitialized variable in Gecko Bootloader can leak secure stack
https://notcve.org/view.php?id=CVE-2023-3488
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000Wi3HwQAJ?operationContext=S1 https://github.com/SiliconLabs/gecko_sdk/releases • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2747 – Uninitialized IV in Silicon Labs SE FW v2.0.0 through v 2.2.1 for internally stored data
https://notcve.org/view.php?id=CVE-2023-2747
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. • https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1 https://github.com/SiliconLabs/gecko_sdk • CWE-908: Use of Uninitialized Resource CWE-1204: Generation of Weak Initialization Vector (IV) •