Filtered by vendor Microchip
Subscriptions
Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12788 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-08-04 | 7.5 High |
| CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. | ||||
| CVE-2020-12787 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-08-04 | 7.5 High |
| Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | ||||
| CVE-2020-9033 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-08-04 | 6.5 Medium |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. | ||||
| CVE-2020-9028 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-08-04 | 6.1 Medium |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user). | ||||
| CVE-2020-9034 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-08-04 | 7.5 High |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. | ||||
| CVE-2020-9029 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-08-04 | 6.5 Medium |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. | ||||
| CVE-2020-9032 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-08-04 | 6.5 Medium |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. | ||||
| CVE-2020-9030 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-08-04 | 6.5 Medium |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. | ||||
| CVE-2020-9031 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-08-04 | 6.5 Medium |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. | ||||
| CVE-2021-37605 | 1 Microchip | 1 Miwi | 2024-08-04 | 7.5 High |
| In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes. | ||||
| CVE-2021-37604 | 1 Microchip | 1 Miwi | 2024-08-04 | 7.5 High |
| In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame counter values by injecting messages with a sufficiently large frame counter value and invalid payload. This results in denial of service/valid packets in the network. There is also a possibility of a replay attack in the stack. | ||||
| CVE-2022-46399 | 1 Microchip | 28 Bm64, Bm64 Firmware, Bm70 and 25 more | 2024-08-03 | 7.5 High |
| The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. | ||||
| CVE-2022-46401 | 1 Microchip | 24 Bm64, Bm64 Firmware, Bm70 and 21 more | 2024-08-03 | 5.4 Medium |
| The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete. | ||||
| CVE-2022-46402 | 1 Microchip | 18 Bm70, Bm70 Firmware, Bm71 and 15 more | 2024-08-03 | 6.5 Medium |
| The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values. | ||||
| CVE-2022-46400 | 1 Microchip | 18 Bm70, Bm70 Firmware, Bm71 and 15 more | 2024-08-03 | 5.4 Medium |
| The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing. | ||||
| CVE-2022-46403 | 1 Microchip | 18 Bm70, Bm70 Firmware, Bm71 and 15 more | 2024-08-03 | 8.6 High |
| The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages. | ||||
| CVE-2022-45191 | 1 Microchip | 2 Rn4870, Rn4870 Firmware | 2024-08-03 | 6.5 Medium |
| An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. | ||||
| CVE-2022-45192 | 1 Microchip | 2 Rn4870, Rn4870 Firmware | 2024-08-03 | 6.5 Medium |
| An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. | ||||
| CVE-2022-45190 | 1 Microchip | 2 Rn4870, Rn4870 Firmware | 2024-08-03 | 5.3 Medium |
| An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. | ||||
| CVE-2022-40480 | 2 Microchip, Nordicsemi | 4 Dt100112, Dt100112 Firmware, Nrf5340-dk and 1 more | 2024-08-03 | 6.5 Medium |
| Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. | ||||