Microchip: Security Vulnerabilities
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).
CVSS Score
6.8
EPSS Score
0.001
Published
2020-10-22
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.
CVSS Score
9.1
EPSS Score
0.004
Published
2020-10-22
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-09-14
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-14
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-09-14
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-17
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-17
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-17
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-17
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-02-17