Lucene search
+L

266 matches found

Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.6 views

PT-2024-32494 · Apache · Apache Nimble

Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0 Description: The issue is related to improper validation of array indices in Apache NimBLE, which could result in out-of-bound memory corruption and crash due to lack of input validation for HCI events fro...

5CVSS6.6AI score0.00597EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.6 views

Apache NimBLE 安全漏洞

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. An out-of-bounds read vulnerability exists in Apache NimBLE, which can be...

7.5CVSS6.8AI score0.01155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.5 views

PT-2024-34712 · Apache · Apache Nimble

Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0 Description: The issue is an Out-of-bounds Read vulnerability in Apache NimBLE. It is caused by missing proper validation of HCI Number Of Completed Packets, which could lead to out-of-bound access when...

7.5CVSS7.2AI score0.01155EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.6 views

Apache NimBLE 安全漏洞

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. An out-of-bounds read vulnerability exists in Apache NimBLE, which can be...

5CVSS6.8AI score0.00664EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/26 12:0 a.m.7 views

Apache NimBLE 安全漏洞

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. Apache NimBLE suffers from a buffer overflow vulnerability that can be exploited...

6.3CVSS7.3AI score0.00692EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.7 views

PT-2024-32493 · Apache · Apache Nimble

Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0 Description: A Buffer Copy without Checking Size of Input, also known as a 'Classic Buffer Overflow', vulnerability in Apache NimBLE could result in memory corruption when a specially crafted MESH message ...

6.3CVSS6.4AI score0.00692EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.12 views

PT-2024-32496 · Apache · Apache Nimble

Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0 Description: The issue is an Out-of-bounds Read vulnerability in Apache NimBLE. It is caused by missing proper validation of the HCI advertising report, which could lead to out-of-bound access when parsing...

5CVSS4.9AI score0.00664EPSS
Exploits0References11
NVD
NVD
added 2024/07/26 12:15 p.m.27 views

CVE-2024-7062

Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...

8.8CVSS0.00246EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/26 11:26 a.m.28 views

CVE-2024-7062 Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087

Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...

8.8CVSS7.8AI score0.00246EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/26 11:26 a.m.34 views

CVE-2024-7062 Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087

Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...

8.8CVSS0.00246EPSS
Exploits1References1
CVE
CVE
added 2024/07/26 11:26 a.m.85 views

CVE-2024-7062

CVE-2024-7062 affects Nimble Commander. The vulnerability is located in the server component info.filesmanager.Files.PrivilegedIOHelperV2 and arises from improper/insufficient validation of a client’s authorization before executing an operation. As described in the connected documents, this can e...

8.8CVSS9.2AI score0.00246EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/07/26 11:26 a.m.16 views

CVE-2024-7062 Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087

Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...

8.8CVSS6.1AI score0.00246EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/07/26 12:0 a.m.6 views

Softvelum Nimble Commander 安全漏洞

Softvelum Nimble Commander is a media server software from Softvelum Inc. It is used to stream live and on-demand video and audio to desktop computers, mobile devices, Internet-connected TVs, and more. A security vulnerability exists in Softvelum Nimble Commander that originates from incorrect or...

8.8CVSS6.9AI score0.00246EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/07/26 12:0 a.m.11 views

PT-2024-38051 · Unknown · Nimble Commander

Name of the Vulnerable Software and Affected Versions: Nimble Commander affected versions not specified Description: The issue arises from the server's improper validation of a client's authorization, specifically in the info.filesmanager.Files.PrivilegedIOHelperV2 component. This allows for the...

8.8CVSS7.1AI score0.00246EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2024/06/05 12:0 a.m.7 views

The vulnerability of the “nimble refresh” function in the Nimble programming language’s package manager allows attackers to execute a “man-in-the-middle” attack or execute arbitrary code.

The vulnerability of the “nimble refresh” function in the Nimble programming language package manager is related to the lack of checks on the loaded packages due to an error in the authentication process. Exploiting this vulnerability allows a malicious actor to execute a “man-in-the-middle” atta...

8.1CVSS7.9AI score0.01044EPSS
Exploits1References7Affected Software2
OSV
OSV
added 2024/05/01 6:14 a.m.5 views

CVE-2024-32018 Ineffective size check due to assert() and buffer overflow in RIOT

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...

8.8CVSS8AI score0.01466EPSS
Exploits2References6
CNVD
CNVD
added 2024/04/09 12:0 a.m.5 views

Apache NimBLE Denial of Service Vulnerability

Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation in the U.S. It completely replaces the proprietary SoftDevice on the Nordic chipset.It is part of the Apache Mynewt project. A denial-of-service vulnerability exists in Apache NimBLE version 1.6.0 a...

7.5CVSS6.7AI score0.01458EPSS
Exploits0References1
NVD
NVD
added 2024/04/06 12:15 p.m.20 views

CVE-2024-24746

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade...

7.5CVSS6.5AI score0.01458EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/06 11:56 a.m.33 views

CVE-2024-24746 Apache NimBLE: Denial of service in NimBLE Bluetooth stack

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade...

6.7AI score0.01458EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2024/04/06 11:56 a.m.3 views

CVE-2024-24746

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade...

7.5CVSS7.2AI score0.01458EPSS
Exploits0References3
Rows per page
Query Builder