cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-28488,https://securityvulnerability.io/vulnerability/CVE-2023-28488,Buffer Overflow Vulnerability in ConnMan from Vendor Impacting Network Services,"The vulnerability in ConnMan's client.c file allows network-adjacent attackers operating a malicious DHCP server to exploit a stack-based buffer overflow. This exploitation can lead to a denial of service by terminating the ConnMan process, disrupting network services for connected devices. The issue affects versions of ConnMan prior to 1.41, highlighting the importance of keeping network service software updated and properly configured to mitigate potential attacks.",Intel,Connman,6.5,MEDIUM,0.0009299999801442027,false,,false,false,false,,,false,false,,2023-04-12T00:00:00.000Z,0
CVE-2022-32293,https://securityvulnerability.io/vulnerability/CVE-2022-32293,WISPr HTTP Query Vulnerability in ConnMan by The ConnMan Project,"A serious vulnerability exists in ConnMan versions up to 1.41, where a man-in-the-middle attack targeting a WISPR HTTP query can exploit a use-after-free condition in the WISPR handling mechanism. This flaw allows an attacker to potentially crash the application or execute arbitrary code, posing significant risks to systems utilizing ConnMan for network management.",Intel,Connman,8.1,HIGH,0.052889999002218246,false,,false,false,false,,,false,false,,2022-08-03T00:00:00.000Z,0
CVE-2022-32292,https://securityvulnerability.io/vulnerability/CVE-2022-32292,Heap-based Buffer Overflow Vulnerability in ConnMan by Intel,"In versions of ConnMan up to 1.41, a vulnerability exists where remote attackers can exploit the gweb component by sending crafted HTTP requests. This leads to a heap-based buffer overflow in the received_data function, potentially allowing the execution of arbitrary code. The lack of adequate validation and handling of incoming data poses significant risks, necessitating prompt mitigative actions.",Intel,Connman,9.8,CRITICAL,0.04075999930500984,false,,false,false,false,,,false,false,,2022-08-03T00:00:00.000Z,0
CVE-2022-23096,https://securityvulnerability.io/vulnerability/CVE-2022-23096,Out-of-Bounds Read Vulnerability in Connman DNS Proxy,"A critical issue has been discovered in the DNS proxy component of Connman, where the implementation of the TCP server reply fails to validate the presence of sufficient header data. This oversight allows an out-of-bounds read, which could lead to potential information disclosure or further exploitation of the affected systems. Users are advised to apply the latest updates to ensure network security.",Intel,Connman,9.1,CRITICAL,0.003809999907389283,false,,false,false,false,,,false,false,,2022-01-28T15:31:21.000Z,0
CVE-2022-23097,https://securityvulnerability.io/vulnerability/CVE-2022-23097,Out-of-Bounds Read in Connman's DNS Proxy Affects Multiple Releases,"A vulnerability has been identified in Connman's DNS proxy that arises from improper handling of the `strnlen` function within the `forward_dns_reply` mechanism. This flaw can result in an out-of-bounds read, potentially allowing attackers to access sensitive memory locations. Users of Connman versions up to 1.40 are advised to apply security updates promptly to mitigate any risks associated with this vulnerability.",Intel,Connman,9.1,CRITICAL,0.003809999907389283,false,,false,false,false,,,false,false,,2022-01-28T00:00:00.000Z,0
CVE-2022-23098,https://securityvulnerability.io/vulnerability/CVE-2022-23098,Infinite Loop Issue in DNS Proxy of Connman by the Linux Foundation,"A vulnerability has been identified in the DNS proxy of Connman, where the TCP server's reply implementation can lead to an infinite loop if no data is received. This can potentially cause the service to become unresponsive, affecting network operations and system stability. Users of affected versions should take necessary actions to mitigate the problem.",Intel,Connman,7.5,HIGH,0.004050000105053186,false,,false,false,false,,,false,false,,2022-01-28T00:00:00.000Z,0
CVE-2021-26676,https://securityvulnerability.io/vulnerability/CVE-2021-26676,Sensitive Stack Information Leak in ConnMan by Intel,"The gdhcp component in ConnMan before version 1.39 is susceptible to exploitation by network-adjacent attackers. This vulnerability allows attackers to leak sensitive stack information, potentially leading to further exploitation. By leveraging this information, attackers can target existing bugs within gdhcp, thereby amplifying the security risk. It is crucial for users of ConnMan to apply available patches and updates to mitigate this risk.",Intel,Connman,6.5,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2021-02-09T15:47:29.000Z,0
CVE-2021-26675,https://securityvulnerability.io/vulnerability/CVE-2021-26675,Stack-Based Buffer Overflow in ConnMan Network Management Software,"A stack-based buffer overflow vulnerability exists in the dnsproxy component of ConnMan versions prior to 1.39. This vulnerability enables network-adjacent attackers to exploit the flaw and execute arbitrary code, potentially compromising the integrity and availability of affected systems. It is essential for users of ConnMan to apply the recommended security updates and patches to mitigate the risk posed by this vulnerability.",Intel,Connman,8.8,HIGH,0.0015699999639764428,false,,false,false,false,,,false,false,,2021-02-09T15:47:25.000Z,0
CVE-2017-12865,https://securityvulnerability.io/vulnerability/CVE-2017-12865,,"Stack-based buffer overflow in ""dnsproxy.c"" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the ""name"" variable.",Intel,Connman,9.8,CRITICAL,0.033070001751184464,false,,false,false,false,,,false,false,,2017-08-29T16:00:00.000Z,0
CVE-2012-6459,https://securityvulnerability.io/vulnerability/CVE-2012-6459,,"ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets.",Intel,Connman,,,0.0031300000846385956,false,,false,false,false,,,false,false,,2013-01-01T15:55:00.000Z,0