Lucene search
+L

177 matches found

CNNVD
CNNVD
added 2025/06/26 12:0 a.m.5 views

arduino-esp32 注入漏洞

arduino-esp32 is an Espressif open source Arduino kernel for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. An injection vulnerability exists in arduino-esp32 versions prior to 3.3.0-RC1 and 3.2.1, which stems from an HTTP response splitting vulnerability in the sendHeader function...

9.3CVSS7.1AI score0.00396EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.5 views

PT-2025-26980 · Arduino · Arduino-Esp32

Name of the Vulnerable Software and Affected Versions: arduino-esp32 versions prior to 3.3.0-RC1 and 3.2.1 Description: The issue concerns a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP head...

9.3CVSS7.5AI score0.00396EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/06/25 12:0 a.m.7 views

Autel MaxiCharger AC Wallbox Commercial 安全漏洞

Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. Autel MaxiCharger AC Wallbox Commercial suffers from a buffer overflow vulnerability that stems from the bleprocessesp32msg function failing to properly validate the length size of input data, which can be...

8.8CVSS8.1AI score0.00326EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.7 views

CVE-2024-45798

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS7.6AI score0.00769EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:35 p.m.9 views

CVE-2021-34173

An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover...

7.8CVSS6.6AI score0.01471EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:17 p.m.10 views

CVE-2020-13595

The Bluetooth Low Energy BLE controller implementation in Espressif ESP-IDF 4.0 through 4.2 for ESP32 devices returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can...

6.5CVSS6.9AI score0.0087EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:43 a.m.8 views

CVE-2019-17391

An issue was discovered in the Espressif ESP32 mask ROM code 2016-06-08 0 through 2. Lack of anti-glitch mitigations in the first stage bootloader of the ESP32 chip allows an attacker with physical access to the device to read the contents of read-protected eFuses, such as flash encryption and...

4.6CVSS6.7AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/07 8:0 p.m.35 views

CVE-2025-3382 joey-zhou xiaozhi-esp32-server-java update sql injection

A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the file /api/user/update. The manipulation of the argument state leads to sql injection. The attack c...

6.5CVSS0.00301EPSS
Exploits0References4
CVE
CVE
added 2025/04/07 8:0 p.m.55 views

CVE-2025-3382

The CVE-2025-3382 entry concerns joey-zhou xiaozhi-esp32-server-java. Affects the update function of the /api/user/update endpoint, where manipulation of the state argument causes SQL injection. The vulnerability is exploitable remotely and is supported by public disclosures. No version details f...

6.5CVSS7.6AI score0.00301EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/04/07 12:0 a.m.10 views

Xiaozhi ESP32 Server Java 注入漏洞

Xiaozhi ESP32 Server Java is a Java Enterprise Management Platform by joey Personal Developer. Xiaozhi ESP32 Server Java suffers from an injection vulnerability that stems from an incorrect manipulation of the parameter state that can lead to SQL injection...

6.5CVSS7.1AI score0.00301EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/10 12:31 a.m.14 views

CVE-2025-27840

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...

6.8CVSS7.2AI score0.01258EPSS
Exploits1References1
NVD
NVD
added 2025/03/08 8:15 p.m.16 views

CVE-2025-27840

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...

6.8CVSS0.01258EPSS
Exploits1References15
Cvelist
Cvelist
added 2025/03/08 12:0 a.m.19 views

CVE-2025-27840

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...

6.8CVSS0.01258EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2025/03/08 12:0 a.m.5 views

PT-2025-10465

Name of the Vulnerable Software and Affected Versions Espressif ESP32 affected versions not specified Description The Espressif ESP32 chip contains 29 hidden HCI commands, such as 0xFC02 Write memory, which can be used for cyberattacks. These commands can be exploited to impersonate trusted...

6.8CVSS9.2AI score0.01258EPSS
Exploits1References130
CNNVD
CNNVD
added 2025/03/08 12:0 a.m.5 views

Espressif ESP32 安全漏洞

Espressif ESP32 is a microcontroller from China Loxin Espressif. A security vulnerability exists in the Espressif ESP32 that stems from hidden HCI commands that may result in memory writes...

6.8CVSS9.3AI score0.01258EPSS
Exploits1References8
CVE
CVE
added 2025/03/08 12:0 a.m.211 views

CVE-2025-27840

CVE-2025-27840 concerns Espressif ESP32 family chips. The public materials describe 29 hidden HCI/debug commands (notably 0xFC02: Write memory) that are undocumented and could enable memory writes in affected devices. Espressif explicitly states these are internal debug commands not remotely acce...

6.8CVSS7.2AI score0.01258EPSS
Exploits1References15Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/08 12:0 a.m.8 views

CVE-2025-27840

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 Write memory...

6.8CVSS6.7AI score0.01258EPSS
Exploits1References15
RedhatCVE
RedhatCVE
added 2025/02/05 2:10 p.m.8 views

CVE-2020-11015

A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be...

9.1CVSS6.9AI score0.00737EPSS
Exploits0References1
NVD
NVD
added 2024/09/17 7:15 p.m.35 views

CVE-2024-45798

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS0.00769EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/09/17 6:8 p.m.22 views

CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS0.00769EPSS
Exploits0References5
Rows per page
Query Builder