MAL-2026-2731 Malicious code in buildkite-test-collector-cypress-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c10094969be88bd9f1aa924abf89c5dc58dd70e107adf3c95a3f58c0ba86518 The package buildkite-test-collector-cypress-example was found to contain malicious code...

Malicious code in buildkite-test-collector-cypress-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c10094969be88bd9f1aa924abf89c5dc58dd70e107adf3c95a3f58c0ba86518 The package buildkite-test-collector-cypress-example was found to contain malicious code...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000866)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000866 advisory. drivers/usb/serial/cypressm8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and syste...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003175)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003175 advisory. The cpreportfixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of servi...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003120)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003120 advisory. drivers/usb/serial/cypressm8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference and syste...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003251)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003251 advisory. The cpreportfixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of servi...

CVE-2020-10367

Certain Cypress and Broadcom Wireless Combo chips, when a January 2021 firmware update is not present, allow memory access via a "Spectra" attack...

CVE-2020-10368

Certain Cypress and Broadcom Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a "Spectra" attack...

CVE-2022-31363

Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA010705.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: affected function is pbtransporthandlefrag. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write...

EUVD-2025-206080

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices...

EUVD-2025-206089

Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fwurl' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands...

CVE-2021-47745

Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fwurl' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands...

CVE-2021-47744

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices...

CVE-2021-47745 Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection via Firmware Upgrade

Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fwurl' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands...

CVE-2021-47744

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains a hard-coded credentials issue in its Linux distribution, exposing remote root access via the static password 'Chameleon' over Telnet or SSH. Public sources note potential remote root compromise for affected devices; CVSS metrics in the entry indic...

CVE-2021-47744 Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices...

CVE-2021-47744 Cypress Solutions CTM-200/CTM-ONE 1.3.6 Hard-coded Credentials Remote Root

Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains hard-coded credentials vulnerability in Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices...

PT-2025-54426

Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw url' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary command...

PT-2025-54425

Name of the Vulnerable Software and Affected Versions Cypress Solutions CTM-200/CTM-ONE version 1.3.6 Description The software contains a hard-coded credential issue in its Linux distribution, exposing root access. An attacker can exploit the static password 'Chameleon' to gain remote root access...

Cypress CTM-ONE 信任管理问题漏洞

The Cypress CTM-ONE is a wireless LTE gateway from Cypress Canada. A trust management issue vulnerability exists in Cypress CTM-ONE version 1.3.6, which stems from the presence of hard-coded credentials in the Linux distribution that could allow an attacker to gain remote root access...