5 matches found
CVE-2020-27634
In Contiki 4.5, TCP ISNs are improperly random...
SUSE CVE-2020-17439
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing DNS query wi...
CVE-2020-13985
An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rplremoveheader in net/rpl/rpl-ext-header.c...
UBUNTU-CVE-2020-17437
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by...
Contiki Operating System cc26xx-web-demo Cross-Site Scripting Vulnerability
Contiki Operating System is a small, open source, extremely portable multitasking operating system. cc26xx-web-demo is the application used to connect to cloud services. A cross-site scripting vulnerability exists in the MQTT/IBM Cloud Config page a.k.a. mqtt.html of cc26xx-web-demo in the Contik...