CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-32831
https://notcve.org/view.php?id=CVE-2023-32831
02 Jan 2024 — In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868. En el controlador WLAN, existe una posible vulneración del PIN debido al uso de valores insuficientemente aleatorios. • https://corp.mediatek.com/product-security-bulletin/January-2024 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39257 – Matrix iOS SDK vulnerable to impersonation via forwarded Megolm sessions
https://notcve.org/view.php?id=CVE-2022-39257
28 Sep 2022 — Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix... • https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c • CWE-287: Improper Authentication CWE-322: Key Exchange without Entity Authentication •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39255 – Matrix iOS SDK vulnerable ton Olm/Megolm protocol confusion
https://notcve.org/view.php?id=CVE-2022-39255
28 Sep 2022 — Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can... • https://github.com/matrix-org/matrix-ios-sdk/commit/5ca86c328a5faaab429c240551cb9ca8f0f6262c • CWE-287: Improper Authentication CWE-322: Key Exchange without Entity Authentication •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39248 – matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
https://notcve.org/view.php?id=CVE-2022-39248
28 Sep 2022 — matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to in... • https://github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e • CWE-287: Improper Authentication CWE-322: Key Exchange without Entity Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39246 – matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions
https://notcve.org/view.php?id=CVE-2022-39246
28 Sep 2022 — matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1.5.1, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the key forwarding strategy implemented in the matrix-android-sdk2 that is too permissive. Starting with version 1.5.1, the default policy for accepting key forwards has been made more ... • https://github.com/matrix-org/matrix-android-sdk2/commit/77df720a238d17308deab83ecaa37f7a4740a17e • CWE-287: Improper Authentication CWE-322: Key Exchange without Entity Authentication •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-27410
https://notcve.org/view.php?id=CVE-2021-27410
11 Jun 2021 — The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.... • https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-27408
https://notcve.org/view.php?id=CVE-2021-27408
11 Jun 2021 — The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions p... • https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-17518
https://notcve.org/view.php?id=CVE-2019-17518
10 Feb 2020 — The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock. La implementación de Bluetooth Low Energy en Dialog Semiconductor SDK versiones hasta 1.0.14.1081, para dispositivos DA1468x responde a los paquetes de capa de enlace con una longitud de carga útil ma... • https://asset-group.github.io/disclosures/sweyntooth • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2019-17517
https://notcve.org/view.php?id=CVE-2019-17517
10 Feb 2020 — The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet. La implementación de Bluetooth Low Energy en Dialog Semiconductor SDK versiones hasta 5.0.4 para dispositivos DA14580/1/2/3 no restringe apropiadamente la longitud de la carga útil L2CAP, permitiendo a atacantes dentro del radio de alcance causar un desbord... • https://asset-group.github.io/disclosures/sweyntooth • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5729
https://notcve.org/view.php?id=CVE-2019-5729
19 Mar 2019 — Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. Splunk-SDK-Python, en versiones anteriores a la 1.6.6, no verifica correctamente los certificados TLS no fiables del servidor, lo que podría resultar en ataques de Man-in-the-Middle (MitM) • https://www.splunk.com/view/SP-CAAAQAD • CWE-295: Improper Certificate Validation •