Show filters
2,336 Total Results
Displaying 31-40 of 2,336
Sort by:
Attacker Value
Unknown
CVE-2020-13543
Disclosure Date: December 03, 2020 (last updated February 22, 2025)
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability.
1
Attacker Value
Unknown
CVE-2020-15531
Disclosure Date: August 20, 2020 (last updated February 22, 2025)
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.
1
Attacker Value
Unknown
CVE-2020-1472
Disclosure Date: August 17, 2020 (last updated February 21, 2025)
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).
When the second phase of Windows updates become available in Q1 2021, customers…
1
Attacker Value
Moderate
CVE-2019-17519
Disclosure Date: February 12, 2020 (last updated February 21, 2025)
The Bluetooth Low Energy implementation on NXP SDK through 2.2.1 for KW41Z devices does not properly restrict the Link Layer payload length, allowing attackers in radio range to cause a buffer overflow via a crafted packet.
0
Attacker Value
Moderate
CVE-2019-19193
Disclosure Date: February 10, 2020 (last updated November 27, 2024)
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
0
Attacker Value
Moderate
CVE-2019-17517
Disclosure Date: February 10, 2020 (last updated February 21, 2025)
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 5.0.4 for DA14580/1/2/3 devices does not properly restrict the L2CAP payload length, allowing attackers in radio range to cause a buffer overflow via a crafted Link Layer packet.
0
Attacker Value
Moderate
CVE-2019-17520
Disclosure Date: February 10, 2020 (last updated February 21, 2025)
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.
0
Attacker Value
Moderate
CVE-2019-17518
Disclosure Date: February 10, 2020 (last updated February 21, 2025)
The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock.
0
Attacker Value
Moderate
CVE-2019-17060
Disclosure Date: February 10, 2020 (last updated February 21, 2025)
The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame.
0
Attacker Value
Unknown
CVE-2019-16518
Disclosure Date: September 23, 2019 (last updated November 27, 2024)
An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values.
1