EUVD-2021-9688

Malicious code in bioql PyPI...

Unspecified vulnerability in iot-device-sdk-embedded-c

iot-device-sdk-embedded-c is an application plugin. The Google Cloud IoT Device SDK for embedded C is an easily portable open source C library that connects low-end IoT devices to Google Cloud IoT Core. iot-device-sdk-embedded-c suffers from a security vulnerability that stems from the...

CVE-2021-22547

In IoT Devices SDK, there is an implementation of calloc that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading th...

CVE-2021-22547

CVE-2021-22547 affects the Google Cloud IoT Device SDK for Embedded C (IoT Devices SDK). The root cause is a calloc() implementation without a length check, which can allow an attacker to provide memory objects larger than the buffer and wrap around to create a smaller buffer, enabling access to ...

iot-device-sdk-embedded-c 安全漏洞

iot-device-sdk-embedded-c is an application plugin. The Google Cloud IoT Device SDK for embedded C is an easily portable open source C library that connects low-end IoT devices to Google Cloud IoT Core. iot-device-sdk-embedded-c suffers from a security vulnerability that stems from the...

Multiple Stack Overflows Through Embedded C Dependency

nokogiri has a copied version of the Libxml2 library. Libxml2 is susceptible to 2 stack overflow vulnerabilities. The first is CVE-2017-9047. The function xmlSnprintfElementContent in valid.c does not recursively dump the element content definition into a char buffer buf of size size. When the...