12 matches found
EUVD-2023-58565
Malicious code in bioql PyPI...
EUVD-2023-58566
Malicious code in bioql PyPI...
The vulnerability of the development package for integrating cloud services and communication functions in IoT devices. The Kalay SDK, a microprogramming software for video surveillance cameras such as Owlet Cam v1, Owlet Cam v2, Wyze Cam v3, and Roku Indoor Camera SE, is related to the use of uninitialized variables, allowing attackers to disclose confidential information.
The vulnerability of the development package for integrating cloud services and communication functions in IoT devices is related to the use of uninitialized variables. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
CVE-2023-6324
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity...
CVE-2023-6323
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server...
CVE-2023-6323
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server...
CVE-2023-6324 ThroughTek Kalay SDK error in handling the PSK identity
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity...
CVE-2023-6324
ThroughTek Kalay SDK (used in Owlet Cam, Wyze Cam v3, Roku Indoor Camera SE) has a DTLS PSK handling flaw: it uses a predictable PSK value when an unexpected PSK identity is encountered, potentially exposing protected information. Related sources cite affected Kalay SDK versions (3.x to 4.x) and ...
CVE-2023-6324 ThroughTek Kalay SDK error in handling the PSK identity
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity...
CVE-2023-6323 ThroughTek Kalay SDK insufficient verification of message authenticity
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server...
CVE-2023-6323
CVE-2023-6323 affects ThroughTek Kalay SDK, where the SDK does not verify the authenticity of received messages, enabling an attacker to impersonate an authoritative server. Documentation consistently identifies this as a message-authentication failure with impact on confidentiality (through pote...
CVE-2023-6323 ThroughTek Kalay SDK insufficient verification of message authenticity
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server...