Software Development Kit Security Vulnerabilities

CVE-2023-6874

Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence...

CVE-2023-6387

A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code...

CVE-2023-49647

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local...

CVE-2023-5138

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except...

CVE-2023-4280

An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted...

CVE-2023-32831

In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID:...

CVE-2023-51651

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK...

CVE-2023-41097

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through...

CVE-2023-4020

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of...

CVE-2023-5310

A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the...

CVE-2023-41151

An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on...

CVE-2023-49646

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network...

CVE-2023-43583

Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network...

CVE-2023-43585

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network...

CVE-2023-43586

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network...

CVE-2023-35625

Azure Machine Learning Compute Instance for SDK Users Information Disclosure...

CVE-2023-42572

Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive...

CVE-2021-27502

Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code...

CVE-2021-27504

Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code...

CVE-2021-27429

Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code...

CVE-2021-22636

Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code...

CVE-2023-39206

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network...

CVE-2023-39204

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network...

CVE-2023-39205

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network...

CVE-2023-31247

A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...

CVE-2023-28391

A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this...

CVE-2023-27882

A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...

CVE-2023-28379

A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...

CVE-2023-24585

An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this...

CVE-2023-25181

A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this...

CVE-2023-46729

sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been....

CVE-2023-3024

Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory...

CVE-2023-39215

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network...

CVE-2023-39743

lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block...

CVE-2023-32663

Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local...

CVE-2023-29151

Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local...

CVE-2023-38210

Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in....

CVE-2023-39214

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network...

CVE-2023-39210

Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local...

CVE-2023-39217

Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network...

CVE-2023-36533

Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network...

CVE-2023-3488

Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL...

CVE-2023-34117

Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local...

CVE-2023-36539

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive...

CVE-2023-3110

Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code...

CVE-2023-2683

A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the...

CVE-2023-2747

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is...

CVE-2023-2686

Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the...

CVE-2023-2687

Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the...

CVE-2023-32099

Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to...