CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4280 – Unvalidated input in Silicon Labs TrustZone implementation leads to accessing Trusted memory region
https://notcve.org/view.php?id=CVE-2023-4280
02 Jan 2024 — An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. Una entrada no validada en la implementación de Silicon Labs TrustZone en v4.3.x y versiones anteriores del SDK de Gecko permite a un atacante acceder a la región confiable de la memoria desde la región que no es confiable. • https://community.silabs.com/069Vm0000004NinIAE • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41097 – Potential Timing vulnerability in CBC PKCS7 padding calculations
https://notcve.org/view.php?id=CVE-2023-41097
21 Dec 2023 — An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. Una discrepancia de tiempo observable, vulnerabilidad de canal de tiempo oculto en Silabs GSDK en ARM potencialmente permite un ataque de Padding Oracle Crypto en CBC PKCS7. Este problema afecta a GSDK: hasta 4.4.0. • https://github.com/SiliconLabs/gecko_sdk/releases • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4020 – Unvalidated input in Silicon Labs PSA Attestation service leads to secure memory access from non-secure memory
https://notcve.org/view.php?id=CVE-2023-4020
15 Dec 2023 — An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. Una entrada no validada en una función de librería responsable de la comunicación entre la memoria segura y no segura en la implementación TrustZone de Silicon Labs permite la lectura/escritura de la memoria en la región segura de la memoria desde la región n... • https://community.silabs.com/069Vm0000004b95IAA • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5310 – Z-Wave Denial of Service caused by Stream of Packets
https://notcve.org/view.php?id=CVE-2023-5310
15 Dec 2023 — A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. Existe una vulnerabilidad de denegación de servicio en todos los controladores y dispositivos de endpoint Z-Wave de Silicon Labs que ejecutan Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) y versiones anteriores. Este ataque solo puede ser llevado a cabo po... • https://github.com/SiliconLabs/gecko_sdk/releases • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4489 – Z/IP Gateway Use of Uninitialized PRNG when Generating S0 Encryption Key
https://notcve.org/view.php?id=CVE-2023-4489
14 Dec 2023 — The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access. La primera clave de cifrado S0 se genera con un PRNG no inicializado en productos Z/IP Gateway que ejecutan Silicon Labs Z/IP Gateway SDK v7.18.3 y versiones anteriores. Esto hace que la primera clave S0 generada al in... • https://github.com/SiliconLabs/gecko_sdk • CWE-908: Use of Uninitialized Resource CWE-1279: Cryptographic Operations are run Before Supporting Units are Ready •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-24585
https://notcve.org/view.php?id=CVE-2023-24585
14 Nov 2023 — An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Existe una vulnerabilidad de escritura fuera de los límites en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar daños en la memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-25181
https://notcve.org/view.php?id=CVE-2023-25181
14 Nov 2023 — A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un conjunto de paquetes de red especialmente manipulado puede provocar la ejecución de código arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1726 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-28391
https://notcve.org/view.php?id=CVE-2023-28391
14 Nov 2023 — A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de análisis de encabezados de HTTP Server de Weston Embedded uC-HTTP v3.01.01. Los paquetes de red especialmente manipulados pueden conducir a la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1732 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-27882
https://notcve.org/view.php?id=CVE-2023-27882
14 Nov 2023 — A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad de límite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1733 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-28379
https://notcve.org/view.php?id=CVE-2023-28379
14 Nov 2023 — A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de límite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1738 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •