EUVD-2023-59146

Malicious code in bioql PyPI...

EUVD-2023-59145

Malicious code in bioql PyPI...

CVE-2023-6951

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...

CVE-2023-6949

A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of...

CVE-2023-6950

An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service attack of the FTP service itself...

CVE-2023-51453

A Improper Input Validation issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the processpushfile function implemented in the libv2sdk....

CVE-2023-51454

A Out-of-bounds Write issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the mytcpreceive function implemented in the...

CVE-2023-6948

A Buffer Copy without Checking Size of Input issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdkprintf function implemented in th...

CVE-2023-51452

A Improper Input Validation issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pullfilev2proc function implemented in the libv2sdk.s...

CVE-2023-51456

CVE-2023-51456 affects DJI drone devices via an Improper Input Validation in the v2_pack_array_to_msg function of libv2_sdk.so used by the v2_sdk_service on port 10000. The issue allows out-of-bounds read/write in memory, risking memory information leaks or arbitrary code execution. Affected: Mav...

CVE-2023-51455

A Improper Validation of Array Index issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the onreceivesessionpacketack function implemented in the libv2sdk.so...

CVE-2023-51455

CVE-2023-51455 concerns an Improper Validation of Array Index in the v2_sdk_service on DJI devices, specifically in the on_receive_session_packet_ack function of libv2_sdk.so used by the dji_vtwo_sdk service and exposed on port 10000. Affected devices/versions include Mavic 3 Pro < v01.01.0300...

CVE-2023-51454

The CVE-2023-51454 entry is supported by concrete details across connected sources: an out-of-bounds write in the v2_sdk_service listening on port 10000 of several DJI devices, caused by an unsafe memory write in my_tcp_receive in libv2_sdk.so. Affected are Mavic 3 Pro (< v01.01.0300), Mavic 3...

CVE-2023-51454

A Out-of-bounds Write issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the mytcpreceive function implemented in the...

CVE-2023-51452

A Improper Input Validation issue affecting the v2sdkservice running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pullfilev2proc function implemented in the libv2sdk.s...

CVE-2023-6951

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...

CVE-2023-6951

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone’s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction...

CVE-2023-6951

CVE-2023-6951 concerns a Use of Weak Credentials affecting DJI drone Wi‑Fi networks (Mavic 3 Pro <= v01.01.0300, Mavic 3 <= v01.00.1200, Mavic 3 Classic <= v01.00.0500, Mavic 3 Enterprise <= v07.01.10.03, Matrice 300 <= v57.00.01.00, Matrice M30 <= v07.01.0022, Mini 3 Pro

CVE-2023-6950

An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service attack of the FTP service itself...

CVE-2023-6949

A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of...