Lucene search
K

665 matches found

OSV
OSV
added 2018/09/07 5:29 p.m.5 views

CVE-2018-16664

An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvmsettype in os/storage/antelope/lvm.c while parsing AQL lvmsetop, lvmsetrelation, lvmsetoperand...

7CVSS5.9AI score0.0028EPSS
Exploits0References1
NVD
NVD
added 2018/09/07 5:29 p.m.11 views

CVE-2018-16663

An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parserelations in os/storage/antelope/aql-parser.c while parsing AQL storage of relations...

7.8CVSS7.9AI score0.00335EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/09/07 5:0 p.m.16 views

CVE-2018-16664

An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvmsettype in os/storage/antelope/lvm.c while parsing AQL lvmsetop, lvmsetrelation, lvmsetoperand...

7.2AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/09/07 5:0 p.m.17 views

CVE-2018-16667

An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL lvmregistervariable, lvmsetvariablevalue, createintersection, createunion...

7.1AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2018/09/07 5:0 p.m.45 views

CVE-2018-16664

Contiki-NG up to version 4.1 is affected by a buffer overflow in os/storage/antelope/lvm.c: lvm_set_type while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). CNVD-2019-09778 notes that this can be exploited to execute code, indicating a code execution risk, with CVSS potential impac...

7CVSS7.2AI score0.0028EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/09/07 5:0 p.m.18 views

CVE-2018-16666

An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in nextstring in os/storage/antelope/aql-lexer.c while parsing AQL parsing next string...

7.9AI score0.00335EPSS
Exploits0References1
CVE
CVE
added 2018/09/07 5:0 p.m.38 views

CVE-2018-16665

CVE-2018-16665 : Contiki-NG up to 4.1 (and earlier) contains a buffer overflow in parsing AQL within lvm_shift_for_operator in os/storage/antelope/lvm.c . The issue arises from parsing AQL, leading to potential memory corruption. Documented sources cite a denial-of-service impact; no exploits, af...

6.1CVSS6.5AI score0.00298EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/09/07 5:0 p.m.43 views

CVE-2018-16663

Contiki-NG up to 4.1 is affected by a stack-based buffer overflow in parse_relations (os/storage/antelope/aql-parser.c) during AQL parsing of relations. Several sources describe a potential to crash or execute code due to this overflow, indicating a serious impact if exploitable. Public reference...

7.8CVSS7.8AI score0.00335EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/09/07 5:0 p.m.16 views

CVE-2018-16665

An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvmshiftforoperator in os/storage/antelope/lvm.c...

6.6AI score0.00298EPSS
Exploits0References1
CVE
CVE
added 2018/09/07 5:0 p.m.43 views

CVE-2018-16666

CVE-2018-16666 affects Contiki-NG up to version 4.1, with a stack-based buffer overflow in next_string (os/storage/antelope/aql-lexer.c) during AQL parsing. The CNVD/NVD entries describe an attacker-exploitable condition that can lead to code execution. No patch/version remediation details are pr...

7.8CVSS7.8AI score0.00335EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/09/07 5:0 p.m.14 views

CVE-2018-16663

An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parserelations in os/storage/antelope/aql-parser.c while parsing AQL storage of relations...

7.9AI score0.00335EPSS
Exploits0References1
CVE
CVE
added 2018/09/07 5:0 p.m.40 views

CVE-2018-16667

Contiki-NG up to 4.1 contains a buffer over-read in lookup within os/storage/antelope/lvm.c when parsing AQL (functions lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). Public references describe this as a Contiki-NG 4.1 vulnerability that can lead to a denial of...

7CVSS7AI score0.00282EPSS
Exploits0References1Affected Software1
Openbugbounty
Openbugbounty
added 2017/10/24 10:11 p.m.7 views

contiki.com XSS vulnerability

Open Bug Bounty ID: OBB-363983 Description| Value ---|--- Affected Website:| contiki.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
CNVD
CNVD
added 2017/06/02 12:0 a.m.6 views

Contiki Operating System cc26xx-web-demo Cross-Site Scripting Vulnerability

Contiki Operating System is a small, open source, extremely portable multitasking operating system. cc26xx-web-demo is the application used to connect to cloud services. A cross-site scripting vulnerability exists in the MQTT/IBM Cloud Config page a.k.a. mqtt.html of cc26xx-web-demo in the Contik...

6.1CVSS6.2AI score0.00761EPSS
Exploits0References1
Prion
Prion
added 2017/05/28 12:29 a.m.15 views

Design/Logic Flaw

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

4.3CVSS6.2AI score0.00761EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/05/28 12:29 a.m.14 views

CVE-2017-7295

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the httpstate structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...

7.8CVSS7.4AI score0.01048EPSS
Exploits0References1
OSV
OSV
added 2017/05/28 12:29 a.m.5 views

CVE-2017-7295

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the httpstate structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...

7.5CVSS5.8AI score0.01048EPSS
Exploits0References1
Prion
Prion
added 2017/05/28 12:29 a.m.18 views

Null pointer dereference

An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the httpstate structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...

7.8CVSS7.4AI score0.01048EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/05/28 12:29 a.m.4 views

CVE-2017-7296

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

6.1CVSS5.9AI score0.00761EPSS
Exploits0References2
NVD
NVD
added 2017/05/28 12:29 a.m.22 views

CVE-2017-7296

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

6.1CVSS6.3AI score0.00761EPSS
Exploits0References2
Rows per page
Query Builder