component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet...
9.8CVSS
9.4AI Score
0.002EPSS
5.3CVSS
5.3AI Score
0.004EPSS
Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory...
7.5CVSS
7.4AI Score
0.001EPSS
b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race...
4.7CVSS
4.2AI Score
0.0004EPSS
Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with...
6.5CVSS
6.3AI Score
0.001EPSS
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information...
4.6CVSS
4.4AI Score
0.001EPSS
4.9CVSS
5.1AI Score
0.008EPSS
Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component...
7.8CVSS
7.6AI Score
0.001EPSS
Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via xs/sources/xsDataView.c in...
7.8CVSS
7.6AI Score
0.001EPSS
Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsDataView.c in...
5.5CVSS
5.5AI Score
0.001EPSS
Moddable SDK v11.5.0 was discovered to contain an invalid memory access vulnerability via the component...
5.5CVSS
5.5AI Score
0.001EPSS
Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow via the component...
7.8CVSS
7.8AI Score
0.001EPSS
Moddable SDK v11.5.0 was discovered to contain a NULL pointer dereference in the component...
5.5CVSS
5.4AI Score
0.001EPSS
Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component...
7.8CVSS
7.6AI Score
0.001EPSS
Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsProxy.c in...
5.5CVSS
5.5AI Score
0.001EPSS
Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsArray.c in...
5.5CVSS
5.5AI Score
0.001EPSS
Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via the component...
5.5CVSS
5.5AI Score
0.001EPSS
Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system...
7.5CVSS
7.3AI Score
0.002EPSS
The Background service in Allwinner R818 SoC Android Q SDK V1.0 is used to manage background applications. Malicious apps can use the interface provided by the service to set the number of applications allowed to run in the background to 0 and add themselves to the whitelist, so that once other...
7.5CVSS
7.3AI Score
0.002EPSS
There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd "COMPAT_ION_IOC_SUNXI_FLUSH_RANGE" to cause a system crash (denial of...
7.5CVSS
7.5AI Score
0.003EPSS
There is a NULL pointer dereference in media/libcedarc/vdecoder of Allwinner R818 SoC Android Q SDK V1.0, which could cause a media crash (denial of...
7.5CVSS
7.4AI Score
0.004EPSS
There is a NULL pointer dereference in the syscall open_exec function of Allwinner R818 SoC Android Q SDK V1.0 that could executable a malicious file to cause a system...
7.5CVSS
7.3AI Score
0.003EPSS
There is a NULL pointer deference in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/cedar_dev that could use the ioctl cmd IOCTL_GET_IOMMU_ADDR to cause a system...
7.5CVSS
7.3AI Score
0.004EPSS
There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK V1.0 camera driver "/dev/cedar_dev" through iotcl cmd IOCTL_SET_PROC_INFO and IOCTL_COPY_PROC_INFO, which could cause a system crash or...
7.5CVSS
7.4AI Score
0.003EPSS
Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program....
4.6CVSS
4.2AI Score
0.001EPSS
An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability.....
7.8CVSS
7.5AI Score
0.001EPSS
An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability.....
7.8CVSS
7.5AI Score
0.001EPSS
An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this...
7.8CVSS
7.8AI Score
0.001EPSS
Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in...
6.1CVSS
5.9AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.028EPSS
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can construct a crafted...
9.8CVSS
9.4AI Score
0.007EPSS
When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend...
8.8CVSS
8.7AI Score
0.001EPSS
A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end...
7.8CVSS
7.7AI Score
0.001EPSS
An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation...
7.8CVSS
7.7AI Score
0.001EPSS
An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D file) leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the...
7.8CVSS
7.7AI Score
0.001EPSS
An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated....
7.8CVSS
7.7AI Score
0.001EPSS
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4,...
7.5CVSS
8AI Score
0.002EPSS
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before...
9.8CVSS
9.2AI Score
0.004EPSS
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities...
8.8CVSS
8.5AI Score
0.001EPSS
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities...
8.8CVSS
8.4AI Score
0.001EPSS
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default...
8.8CVSS
8.4AI Score
0.001EPSS
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer....
7.2CVSS
6.7AI Score
0.002EPSS
An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, can trigger a read...
8.8CVSS
8.6AI Score
0.005EPSS
A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the...
7.8CVSS
7.6AI Score
0.001EPSS
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta...
5.7CVSS
5.3AI Score
0.001EPSS
Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalation of privilege via local...
6.7CVSS
6.6AI Score
0.0004EPSS
An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to....
3.3CVSS
4AI Score
0.002EPSS
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some...
5.9CVSS
5.6AI Score
0.002EPSS
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which...
6.5CVSS
6.4AI Score
0.001EPSS
A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients....
5.9CVSS
5.4AI Score
0.001EPSS