CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6874 – Zigbee Unauthenticated DoS via NWK Sequence number manipulation
https://notcve.org/view.php?id=CVE-2023-6874
05 Feb 2024 — Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number Antes de v7.4.0, Ember ZNet es vulnerable a un ataque de denegación de servicio mediante la manipulación del número de secuencia NWK • https://community.silabs.com/069Vm000000WXaOIAW • CWE-312: Cleartext Storage of Sensitive Information CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2023-6387 – Incorrect buffer parsing in Bluetooth LE sample code may lead to buffer overflow
https://notcve.org/view.php?id=CVE-2023-6387
02 Feb 2024 — A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution Existe un posible desbordamiento del búfer en la aplicación de muestra Bluetooth LE HCI CPC en el SDK de Gecko, lo que puede provocar una denegación de servicio o la ejecución remota de código. • https://github.com/A3ST1CODE/CVE_6387 • CWE-125: Out-of-bounds Read CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5138 – Glitch detection not active by default in Silicon Labs Secure Vault High devices
https://notcve.org/view.php?id=CVE-2023-5138
03 Jan 2024 — Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. La detección de fallos no está habilitada de forma predeterminada para el núcleo CortexM33 en las partes altas de la bóveda segura de Silicon Labs EFx32xG2xB, excepto EFR32xG21B. • https://community.silabs.com/069Vm0000004f6DIAQ • CWE-909: Missing Initialization of Resource CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4280 – Unvalidated input in Silicon Labs TrustZone implementation leads to accessing Trusted memory region
https://notcve.org/view.php?id=CVE-2023-4280
02 Jan 2024 — An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. Una entrada no validada en la implementación de Silicon Labs TrustZone en v4.3.x y versiones anteriores del SDK de Gecko permite a un atacante acceder a la región confiable de la memoria desde la región que no es confiable. • https://community.silabs.com/069Vm0000004NinIAE • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41097 – Potential Timing vulnerability in CBC PKCS7 padding calculations
https://notcve.org/view.php?id=CVE-2023-41097
21 Dec 2023 — An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. Una discrepancia de tiempo observable, vulnerabilidad de canal de tiempo oculto en Silabs GSDK en ARM potencialmente permite un ataque de Padding Oracle Crypto en CBC PKCS7. Este problema afecta a GSDK: hasta 4.4.0. • https://github.com/SiliconLabs/gecko_sdk/releases • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4020 – Unvalidated input in Silicon Labs PSA Attestation service leads to secure memory access from non-secure memory
https://notcve.org/view.php?id=CVE-2023-4020
15 Dec 2023 — An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. Una entrada no validada en una función de librería responsable de la comunicación entre la memoria segura y no segura en la implementación TrustZone de Silicon Labs permite la lectura/escritura de la memoria en la región segura de la memoria desde la región n... • https://community.silabs.com/069Vm0000004b95IAA • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-24585
https://notcve.org/view.php?id=CVE-2023-24585
14 Nov 2023 — An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Existe una vulnerabilidad de escritura fuera de los límites en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar daños en la memoria. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1725 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-25181
https://notcve.org/view.php?id=CVE-2023-25181
14 Nov 2023 — A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un conjunto de paquetes de red especialmente manipulado puede provocar la ejecución de código arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1726 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-28391
https://notcve.org/view.php?id=CVE-2023-28391
14 Nov 2023 — A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de corrupción de memoria en la funcionalidad de análisis de encabezados de HTTP Server de Weston Embedded uC-HTTP v3.01.01. Los paquetes de red especialmente manipulados pueden conducir a la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1732 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-27882
https://notcve.org/view.php?id=CVE-2023-27882
14 Nov 2023 — A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad de límite de formulario HTTP Server de Weston Embedded uC-HTTP v3.01.01. Un paquete de red especialmente manipulado puede provocar la ejecución de código. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1733 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •