Shodan
Vulnerabilities
Vulnerable Software
Microchip:  Security Vulnerabilities
CVE-2020-20950
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable library, resulting in remote information disclosure.
CVSS Score
5.9
EPSS Score
0.006
Published
2021-01-19
CVE-2020-17441
An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 headers does not validate whether the IPv6 payload length field is equal to the actual size of the payload, which leads to an Out-of-Bounds read during the ICMPv6 checksum calculation, resulting in either Denial-of-Service or Information Disclosure. This affects pico_ipv6_extension_headers and pico_checksum_adder (in pico_ipv6.c and pico_frame.c).
CVSS Score
9.1
EPSS Score
0.007
Published
2020-12-11
CVE-2019-16128
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).
CVSS Score
6.8
EPSS Score
0.001
Published
2020-10-22
CVE-2019-16129
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).
CVSS Score
6.8
EPSS Score
0.001
Published
2020-10-22
CVE-2019-16127
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-10-22
CVE-2020-12787
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-09-14
CVE-2020-12788
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-14
CVE-2020-12789
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-14
CVE-2020-9028
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-17
CVE-2020-9029
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved