CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-25181
https://notcve.org/view.php?id=CVE-2023-25181
14 Nov 2023 — A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un conjunto de paquetes de red especialmente manipulado puede provocar la ejecución de código arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1726 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-28391
https://notcve.org/view.php?id=CVE-2023-28391
14 Nov 2023 — A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de análisis de encabezados de HTTP Server de Weston Embedded uC-HTTP v3.01.01. Los paquetes de red especialmente manipulados pueden conducir a la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1732 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-27882
https://notcve.org/view.php?id=CVE-2023-27882
14 Nov 2023 — A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad de límite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1733 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-28379
https://notcve.org/view.php?id=CVE-2023-28379
14 Nov 2023 — A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de límite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1738 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-31247
https://notcve.org/view.php?id=CVE-2023-31247
14 Nov 2023 — A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de análisis de encabezados de HTTP Server Host de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1746 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41096 – Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices
https://notcve.org/view.php?id=CVE-2023-41096
26 Oct 2023 — Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier. Vulnerabilidad de Falta de Cifrado de Claves de Seguridad en Silicon Labs Ember ZNet SDK de 32 bits, ARM (módulos SecureVault High) permite una posible modificación o extracción de las credenciales de red almacenadas en la memoria flash. ... • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 • CWE-311: Missing Encryption of Sensitive Data CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41095 – Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices
https://notcve.org/view.php?id=CVE-2023-41095
26 Oct 2023 — Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier. Vulnerabilidad de falta de cifrado de claves de seguridad en Silicon Labs OpenThread SDK de 32 bits, ARM (módulos SecureVault High) permite una posible modificación o extracción de credenciales de red almacenadas en la memoria flash. Este... • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 • CWE-311: Missing Encryption of Sensitive Data CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3487 – Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access
https://notcve.org/view.php?id=CVE-2023-3487
20 Oct 2023 — An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. Un desbordamiento de enteros en Silicon Labs Gecko Bootloader versión 4.3.1 y anteriores permite acceso ilimitado a la memoria al leer o escribir en ranuras de almacenamiento. • https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27630
https://notcve.org/view.php?id=CVE-2020-27630
10 Oct 2023 — In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. En Silicon Labs uC/TCP-IP 3.6.0, los ISN de TCP son incorrectamente aleatorios. • https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01 • CWE-330: Use of Insufficiently Random Values •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41094 – Touchlink authentication bypass due to packets processed after timeout or out of range in Ember ZNet
https://notcve.org/view.php?id=CVE-2023-41094
04 Oct 2023 — TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected Los paquetes TouchLink procesados después del tiempo de espera o fuera del alcance debido a la operación de un recurso después de la c... • https://community.silabs.com/0688Y00000aIPzL • CWE-672: Operation on a Resource after Expiration or Release CWE-772: Missing Release of Resource after Effective Lifetime CWE-940: Improper Verification of Source of a Communication Channel •