Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence...
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.0005
A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code...
CVSS: 7.5 | AI Score: 8 | EPSS: 0.001
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local...
CVSS: 8.8 | AI Score: 7.7 | EPSS: 0.0004
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except...
CVSS: 6.8 | AI Score: 6.5 | EPSS: 0.001
An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted...
CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID:...
CVSS: 5.5 | AI Score: 5.1 | EPSS: 0.0004
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK...
CVSS: 6 | AI Score: 4.1 | EPSS: 0.0004
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK: through...
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.001
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of...
CVSS: 9.1 | AI Score: 9.1 | EPSS: 0.001
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.0004
An uncaught exception issue discovered in Softing OPC UA C++ SDK before 6.30 for Windows operating system may cause the application to crash when the server wants to send an error packet, while socket is blocked on...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.0005
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network...
CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.0004
Cryptographic issues in Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network...
CVSS: 4.9 | AI Score: 4.7 | EPSS: 0.0005
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network...
CVSS: 7.1 | AI Score: 6 | EPSS: 0.0005
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network...
CVSS: 8.8 | AI Score: 8.8 | EPSS: 0.0005
CVSS: 4.7 | AI Score: 5.4 | EPSS: 0.001
Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive...
CVSS: 5.5 | AI Score: 5.4 | EPSS: 0.001
Texas Instruments TI-RTOS, when configured to use HeapMem heap (default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004
Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'malloc' for FreeRTOS, resulting in code...
CVSS: 7.8 | AI Score: 8 | EPSS: 0.0004
Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004
Texas Instruments TI-RTOS, when configured to use HeapMem heap (default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code...
CVSS: 7.8 | AI Score: 7.9 | EPSS: 0.0004
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network...
CVSS: 7.5 | AI Score: 8 | EPSS: 0.001
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.001
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network...
CVSS: 6.5 | AI Score: 7.1 | EPSS: 0.0004
A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.001
A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this...
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.001
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.001
A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.001
An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this...
CVSS: 9.8 | AI Score: 9.3 | EPSS: 0.001
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this...
CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.001
sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been....
CVSS: 9.3 | AI Score: 6.3 | EPSS: 0.001
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory...
CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.0004
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network...
CVSS: 7.1 | AI Score: 6.8 | EPSS: 0.0004
lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block...
CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001
Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.0004
Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.0004
Adobe XMP Toolkit versions 2022.06 is affected by an Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in....
CVSS: 5.5 | AI Score: 5.2 | EPSS: 0.001
Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may allow an authenticated user to enable a denial of service via network...
CVSS: 8.1 | AI Score: 7.7 | EPSS: 0.0005
Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local...
CVSS: 5.5 | AI Score: 5.1 | EPSS: 0.0004
Improper input validation in Zoom SDKs before 5.14.10 may allow an unauthenticated user to enable a denial of service via network...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network...
CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.001
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL...
CVSS: 5.5 | AI Score: 5.4 | EPSS: 0.001
Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local...
CVSS: 3.3 | AI Score: 3.8 | EPSS: 0.0005
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive...
CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.001
A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code...
CVSS: 9.6 | AI Score: 8.9 | EPSS: 0.001
A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. A reset of the device immediately clears the...
CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.0004
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is...
CVSS: 5.5 | AI Score: 5.4 | EPSS: 0.0004
Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the...
CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.002
Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the...
CVSS: 3.3 | AI Score: 4.3 | EPSS: 0.0004
Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.002