Filtered by vendor Microchip Subscriptions
Total 43 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-9030 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.
CVE-2020-9029 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.
CVE-2020-9028 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.1 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
CVE-2020-27636 1 Microchip 1 Mplab Network Creator 2024-11-21 9.1 Critical
In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.
CVE-2020-20950 5 Apple, Ietf, Linux and 2 more 5 Macos, Public Key Cryptography Standards \#1, Linux Kernel and 2 more 2024-11-21 5.9 Medium
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
CVE-2020-17441 2 Altran, Microchip 2 Picotcp, Mplab Harmony 2024-11-21 9.1 Critical
An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).
CVE-2020-12789 1 Microchip 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more 2024-11-21 7.5 High
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.
CVE-2020-12788 1 Microchip 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more 2024-11-21 7.5 High
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.
CVE-2020-12787 1 Microchip 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more 2024-11-21 7.5 High
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
CVE-2019-19195 1 Microchip 2 Atmsamb11 Blusdk Smart, Atsamb11 2024-11-21 6.5 Medium
The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
CVE-2019-16129 1 Microchip 1 Cryptoauthlib 2024-11-21 6.8 Medium
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).
CVE-2019-16128 1 Microchip 1 Cryptoauthlib 2024-11-21 6.8 Medium
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).
CVE-2019-16127 1 Microchip 1 Advanced Software Framework 4 2024-11-21 9.1 Critical
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.
CVE-2019-15809 5 Athena-scs, Cryptsoft, Microchip and 2 more 5 Idprotect, S\/a Idflex V, Atmel Toolbox and 2 more 2024-11-21 4.7 Medium
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001.
CVE-2009-1674 1 Microchip 1 Mplab Ide 2024-11-21 N/A
Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608.
CVE-2009-1608 1 Microchip 1 Mplab Ide 2024-11-21 N/A
Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields.
CVE-2024-43684 1 Microchip 2 Timeprovider 4100, Timeprovider 4100 Firmware 2024-11-01 8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.
CVE-2024-43683 1 Microchip 2 Timeprovider 4100, Timeprovider 4100 Firmware 2024-11-01 6.1 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.
CVE-2024-9054 1 Microchip 2 Timeprovider 4100, Timeprovider 4100 Firmware 2024-10-17 8.8 High
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
CVE-2024-7801 1 Microchip 2 Timeprovider 4100, Timeprovider 4100 Firmware 2024-10-17 6.5 Medium
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.