Filtered by vendor Microchip
Subscriptions
Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1674 | 1 Microchip | 1 Mplab Ide | 2024-11-21 | N/A |
| Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608. | ||||
| CVE-2009-1608 | 1 Microchip | 1 Mplab Ide | 2024-11-21 | N/A |
| Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields. | ||||
| CVE-2024-43684 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-11-01 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0. | ||||
| CVE-2024-43683 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-11-01 | 6.1 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0. | ||||
| CVE-2024-9054 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-10-17 | 8.8 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | ||||
| CVE-2024-7801 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-10-17 | 6.5 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | ||||
| CVE-2024-43685 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-10-17 | 9.8 Critical |
| Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | ||||
| CVE-2024-43687 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-10-16 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | ||||
| CVE-2024-43686 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-10-16 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | ||||
| CVE-2023-23588 | 2 Microchip, Siemens | 10 Maxview Storage Manager, Simatic Ipc1047, Simatic Ipc1047 Firmware and 7 more | 2024-10-15 | 6.2 Medium |
| A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit. | ||||
| CVE-2020-27636 | 1 Microchip | 1 Mplab Network Creator | 2024-09-19 | 9.1 Critical |
| In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. | ||||
| CVE-2024-7490 | 1 Microchip | 1 Advanced Software Framework | 2024-09-19 | 9.8 Critical |
| Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported. Apply provided workaround or migrate to an actively maintained framework. | ||||
| CVE-2019-19195 | 1 Microchip | 2 Atmsamb11 Blusdk Smart, Atsamb11 | 2024-08-05 | 6.5 Medium |
| The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | ||||
| CVE-2019-16129 | 1 Microchip | 1 Cryptoauthlib | 2024-08-05 | 6.8 Medium |
| Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2). | ||||
| CVE-2019-16127 | 1 Microchip | 1 Advanced Software Framework 4 | 2024-08-05 | 9.1 Critical |
| Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. | ||||
| CVE-2019-16128 | 1 Microchip | 1 Cryptoauthlib | 2024-08-05 | 6.8 Medium |
| Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2). | ||||
| CVE-2019-15809 | 5 Athena-scs, Cryptsoft, Microchip and 2 more | 5 Idprotect, S\/a Idflex V, Atmel Toolbox and 2 more | 2024-08-05 | 4.7 Medium |
| Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001. | ||||
| CVE-2020-20950 | 5 Apple, Ietf, Linux and 2 more | 5 Macos, Public Key Cryptography Standards \#1, Linux Kernel and 2 more | 2024-08-04 | 5.9 Medium |
| Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure. | ||||
| CVE-2020-17441 | 2 Altran, Microchip | 2 Picotcp, Mplab Harmony | 2024-08-04 | 9.1 Critical |
| An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c). | ||||
| CVE-2020-12789 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-08-04 | 7.5 High |
| The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. | ||||