665 matches found
CVE-2018-16664
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvmsettype in os/storage/antelope/lvm.c while parsing AQL lvmsetop, lvmsetrelation, lvmsetoperand...
CVE-2018-16663
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parserelations in os/storage/antelope/aql-parser.c while parsing AQL storage of relations...
CVE-2018-16664
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow in lvmsettype in os/storage/antelope/lvm.c while parsing AQL lvmsetop, lvmsetrelation, lvmsetoperand...
CVE-2018-16667
An issue was discovered in Contiki-NG through 4.1. There is a buffer over-read in lookup in os/storage/antelope/lvm.c while parsing AQL lvmregistervariable, lvmsetvariablevalue, createintersection, createunion...
CVE-2018-16664
Contiki-NG up to version 4.1 is affected by a buffer overflow in os/storage/antelope/lvm.c: lvm_set_type while parsing AQL (lvm_set_op, lvm_set_relation, lvm_set_operand). CNVD-2019-09778 notes that this can be exploited to execute code, indicating a code execution risk, with CVSS potential impac...
CVE-2018-16666
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in nextstring in os/storage/antelope/aql-lexer.c while parsing AQL parsing next string...
CVE-2018-16665
CVE-2018-16665 : Contiki-NG up to 4.1 (and earlier) contains a buffer overflow in parsing AQL within lvm_shift_for_operator in os/storage/antelope/lvm.c . The issue arises from parsing AQL, leading to potential memory corruption. Documented sources cite a denial-of-service impact; no exploits, af...
CVE-2018-16663
Contiki-NG up to 4.1 is affected by a stack-based buffer overflow in parse_relations (os/storage/antelope/aql-parser.c) during AQL parsing of relations. Several sources describe a potential to crash or execute code due to this overflow, indicating a serious impact if exploitable. Public reference...
CVE-2018-16665
An issue was discovered in Contiki-NG through 4.1. There is a buffer overflow while parsing AQL in lvmshiftforoperator in os/storage/antelope/lvm.c...
CVE-2018-16666
CVE-2018-16666 affects Contiki-NG up to version 4.1, with a stack-based buffer overflow in next_string (os/storage/antelope/aql-lexer.c) during AQL parsing. The CNVD/NVD entries describe an attacker-exploitable condition that can lead to code execution. No patch/version remediation details are pr...
CVE-2018-16663
An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parserelations in os/storage/antelope/aql-parser.c while parsing AQL storage of relations...
CVE-2018-16667
Contiki-NG up to 4.1 contains a buffer over-read in lookup within os/storage/antelope/lvm.c when parsing AQL (functions lvm_register_variable, lvm_set_variable_value, create_intersection, create_union). Public references describe this as a Contiki-NG 4.1 vulnerability that can lead to a denial of...
contiki.com XSS vulnerability
Open Bug Bounty ID: OBB-363983 Description| Value ---|--- Affected Website:| contiki.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Contiki Operating System cc26xx-web-demo Cross-Site Scripting Vulnerability
Contiki Operating System is a small, open source, extremely portable multitasking operating system. cc26xx-web-demo is the application used to connect to cloud services. A cross-site scripting vulnerability exists in the MQTT/IBM Cloud Config page a.k.a. mqtt.html of cc26xx-web-demo in the Contik...
Design/Logic Flaw
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...
CVE-2017-7295
An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the httpstate structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...
CVE-2017-7295
An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the httpstate structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...
Null pointer dereference
An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the httpstate structure was not deallocated properly, resulting in a NULL pointer dereference in the output processing...
CVE-2017-7296
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...
CVE-2017-7296
An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...