CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-28379
https://notcve.org/view.php?id=CVE-2023-28379
A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de límite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1738 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-31247
https://notcve.org/view.php?id=CVE-2023-31247
A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de análisis de encabezados de HTTP Server Host de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1746 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41096 – Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices
https://notcve.org/view.php?id=CVE-2023-41096
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier. Vulnerabilidad de Falta de Cifrado de Claves de Seguridad en Silicon Labs Ember ZNet SDK de 32 bits, ARM (módulos SecureVault High) permite una posible modificación o extracción de las credenciales de red almacenadas en la memoria flash. Este problema afecta a Silicon Labs Ember ZNet SDK: 7.3.1 y versiones anteriores. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 • CWE-311: Missing Encryption of Sensitive Data CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41095 – Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices
https://notcve.org/view.php?id=CVE-2023-41095
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier. Vulnerabilidad de falta de cifrado de claves de seguridad en Silicon Labs OpenThread SDK de 32 bits, ARM (módulos SecureVault High) permite una posible modificación o extracción de credenciales de red almacenadas en la memoria flash. Este problema afecta al SDK OpenThread de Silicon Labs: 2.3.1 y versiones anteriores. • https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1 • CWE-311: Missing Encryption of Sensitive Data CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3487 – Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access
https://notcve.org/view.php?id=CVE-2023-3487
An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. Un desbordamiento de enteros en Silicon Labs Gecko Bootloader versión 4.3.1 y anteriores permite acceso ilimitado a la memoria al leer o escribir en ranuras de almacenamiento. • https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV https://github.com/SiliconLabs/gecko_sdk/releases • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •