266 matches found
PT-2024-32494 · Apache · Apache Nimble
Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0 Description: The issue is related to improper validation of array indices in Apache NimBLE, which could result in out-of-bound memory corruption and crash due to lack of input validation for HCI events fro...
Apache NimBLE 安全漏洞
Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. An out-of-bounds read vulnerability exists in Apache NimBLE, which can be...
PT-2024-34712 · Apache · Apache Nimble
Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0 Description: The issue is an Out-of-bounds Read vulnerability in Apache NimBLE. It is caused by missing proper validation of HCI Number Of Completed Packets, which could lead to out-of-bound access when...
Apache NimBLE 安全漏洞
Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. An out-of-bounds read vulnerability exists in Apache NimBLE, which can be...
Apache NimBLE 安全漏洞
Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation, USA, that completely replaces the proprietary SoftDevice on Nordic chipsets.It is part of the Apache Mynewt project. Apache NimBLE suffers from a buffer overflow vulnerability that can be exploited...
PT-2024-32493 · Apache · Apache Nimble
Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0 Description: A Buffer Copy without Checking Size of Input, also known as a 'Classic Buffer Overflow', vulnerability in Apache NimBLE could result in memory corruption when a specially crafted MESH message ...
PT-2024-32496 · Apache · Apache Nimble
Name of the Vulnerable Software and Affected Versions: Apache NimBLE versions through 1.7.0 Description: The issue is an Out-of-bounds Read vulnerability in Apache NimBLE. It is caused by missing proper validation of the HCI advertising report, which could lead to out-of-bound access when parsing...
CVE-2024-7062
Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...
CVE-2024-7062 Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087
Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...
CVE-2024-7062 Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087
Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...
CVE-2024-7062
CVE-2024-7062 affects Nimble Commander. The vulnerability is located in the server component info.filesmanager.Files.PrivilegedIOHelperV2 and arises from improper/insufficient validation of a client’s authorization before executing an operation. As described in the connected documents, this can e...
CVE-2024-7062 Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087
Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...
Softvelum Nimble Commander 安全漏洞
Softvelum Nimble Commander is a media server software from Softvelum Inc. It is used to stream live and on-demand video and audio to desktop computers, mobile devices, Internet-connected TVs, and more. A security vulnerability exists in Softvelum Nimble Commander that originates from incorrect or...
PT-2024-38051 · Unknown · Nimble Commander
Name of the Vulnerable Software and Affected Versions: Nimble Commander affected versions not specified Description: The issue arises from the server's improper validation of a client's authorization, specifically in the info.filesmanager.Files.PrivilegedIOHelperV2 component. This allows for the...
The vulnerability of the “nimble refresh” function in the Nimble programming language’s package manager allows attackers to execute a “man-in-the-middle” attack or execute arbitrary code.
The vulnerability of the “nimble refresh” function in the Nimble programming language package manager is related to the lack of checks on the loaded packages due to an error in the authentication process. Exploiting this vulnerability allows a malicious actor to execute a “man-in-the-middle” atta...
CVE-2024-32018 Ineffective size check due to assert() and buffer overflow in RIOT
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...
Apache NimBLE Denial of Service Vulnerability
Apache NimBLE is an open source Bluetooth 5.4 stack host and controller from the Apache Foundation in the U.S. It completely replaces the proprietary SoftDevice on the Nordic chipset.It is part of the Apache Mynewt project. A denial-of-service vulnerability exists in Apache NimBLE version 1.6.0 a...
CVE-2024-24746
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade...
CVE-2024-24746 Apache NimBLE: Denial of service in NimBLE Bluetooth stack
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade...
CVE-2024-24746
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache NimBLE. Specially crafted GATT operation can cause infinite loop in GATT server leading to denial of service in Bluetooth stack or device. This issue affects Apache NimBLE: through 1.6.0. Users are recommended to upgrade...