Lucene search
K

196 matches found

Fedora
Fedora
added 2021/03/19 8:25 p.m.57 views

[SECURITY] Fedora 34 Update: arm-none-eabi-newlib-4.1.0-1.fc34

Newlib is a C library intended for use on embedded systems. It is a conglomeration of several library parts, all under free software licenses that make them easily usable on embedded products...

9.8CVSS2.2AI score0.02103EPSS
Exploits0
CNVD
CNVD
added 2021/03/17 12:0 a.m.9 views

Unspecified Vulnerability in Das U-Boot (CNVD-2021-18393)

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in versions prior to Das U-Boot 2021.04-rc2, which stems from the loader...

7.8CVSS6.6AI score0.01037EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/17 12:0 a.m.5 views

Unspecified Vulnerability in Das U-Boot (CNVD-2021-18392)

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in versions prior to Das U-Boot 2021.04-rc2 that stems from the bootload...

7.8CVSS6.6AI score0.01095EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/15 12:0 a.m.12 views

Wind River VxWorks Buffer Overflow Vulnerability

Wind River VxWorks is an operating system from Wind River, Inc. the industry-leading real-time operating system for building embedded devices and systems. A buffer overflow vulnerability exists in Wind River VxWorks versions 6.5 through 7, which can be exploited by a remote attacker to submit a...

9.8CVSS8.2AI score0.01894EPSS
Exploits1References1
Fedora
Fedora
added 2021/03/12 12:7 a.m.53 views

[SECURITY] Fedora 32 Update: arm-none-eabi-newlib-4.1.0-1.fc32

Newlib is a C library intended for use on embedded systems. It is a conglomeration of several library parts, all under free software licenses that make them easily usable on embedded products...

9.8CVSS2.2AI score0.02103EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/03/12 12:0 a.m.25 views

Fedora: Security Advisory for arm-none-eabi-newlib (FEDORA-2021-332fb9c796)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.02103EPSS
Exploits0References2
Fedora
Fedora
added 2021/03/11 11:38 p.m.69 views

[SECURITY] Fedora 33 Update: arm-none-eabi-newlib-4.1.0-1.fc33

Newlib is a C library intended for use on embedded systems. It is a conglomeration of several library parts, all under free software licenses that make them easily usable on embedded products...

9.8CVSS2.2AI score0.02103EPSS
Exploits0
CNNVD
CNNVD
added 2021/03/05 12:0 a.m.4 views

Red Hat newlib libc 输入验证错误漏洞

Red Hat newlib libc is a C language library from Red Hat, Inc. that is primarily used for embedded systems. A security vulnerability exists in newlib in versions prior to 4.0.0, which stems from improper overflow validation of the memory allocation functions mEMALIGn, pvALLOc, nanomemalign,...

9.8CVSS8.7AI score0.02103EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/02/17 12:0 a.m.7 views

Das U-Boot 安全漏洞

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in versions prior to Das U-Boot 2021.04-rc2 that stems from the bootload...

7.8CVSS7.1AI score0.01095EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/02/17 12:0 a.m.8 views

Das U-Boot 安全漏洞

Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in versions prior to Das U-Boot 2021.04-rc2, which stems from the loader...

7.8CVSS7.1AI score0.01037EPSS
Exploits0References4
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/02/08 7:33 a.m.156 views

Reverse Engineering Keys from Firmware. A how-to

TL;DR It is possible to reverse engineer keys from firmware with some tips: 1. Always looks for strings/constants. 2. Make guesses about the original source. 3. Find a function you can recognise and work backwards to identify other functions. 4. It helps if they use open-source code so you can cr...

6.9AI score
Exploits0
Ubuntu
Ubuntu
added 2021/02/04 7:46 p.m.227 views

USN-4722-1: ReadyMedia (MiniDLNA) vulnerabilities

It was discovered that ReadyMedia MiniDLNA allowed subscription requests with a delivery URL on a different network segment than the fully qualified event- subscription URL. An attacker could use this to hijack smart devices and cause denial of service attacks. CVE-2020-12695 It was discovered th...

9.8CVSS7.2AI score0.15193EPSS
Exploits4
CNVD
CNVD
added 2021/02/03 12:0 a.m.9 views

Wolfssl Trust Management Issues Vulnerabilities

Wolfssl CyaSSL is the United States Wolfssl company for embedded systems developers to use a small, portable embedded SSL programming library. A trust management issue vulnerability exists in the DoTls13CertificateVerify function in the WolfSSL version 4.6.0 tls13.c file, which stems from not...

8.1CVSS6.6AI score0.00793EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2021/02/01 9:47 p.m.147 views

Wind River ‘Security Incident’ Affects SSNs, Passport Numbers

Wind River Systems, which develops embedded system software, on Friday warned of a “security incident” that had exposed personnel records. One or more files were downloaded from the company’s network on or around September 29, it said. Affected data included information maintained within the...

7AI score
Exploits0References8
Talos
Talos
added 2021/01/26 12:0 a.m.56 views

Micrium uC-HTTP HTTP Server unchecked return value denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Micrium uC-HTTP 3.01.00 Product URLs...

8.6CVSS7.6AI score0.02612EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2020/12/21 12:0 a.m.574 views

Ripple20 Treck TCP/IP Stack Vulnerabilities

Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. A summary of JSOF’s research is here, along with a technical whitepaper. See the Rapid7 Analysis tab for further...

10CVSS6.8AI score0.36965EPSS
In wildExploits21References20
CNNVD
CNNVD
added 2020/12/18 12:0 a.m.7 views

Treck TCP/IP Buffer Error Vulnerability

Treck TCP/IP is a TCP Transmission Control Protocol/IP Internet Interconnection Protocol suite from Treck, Inc. dedicated to embedded systems. A security vulnerability exists in Treck TCP/IP stack version 6.0.1.67 and prior versions, which stems from a vulnerability in the Treck HTTP server...

10CVSS7.7AI score0.03348EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2020/12/08 11:0 a.m.49 views

'Amnesia:33' TCP/IP Flaws Affect Millions of IoT Devices

Researchers – as well as the U.S. Cybersecurity Infrastructure Security Agency CISA – are warning of a set of serious vulnerabilities affecting TCP/IP stacks. The flaws impact millions of internet-of-things IoT devices and embedded systems, including smart thermometers, smart plugs and printers...

8.4AI score
Exploits0References9
CNNVD
CNNVD
added 2020/11/24 12:0 a.m.8 views

musl libc buffer error vulnerability

musl libc is musl open source an open source C language standard library . Mainly used for embedded systems and mobile devices and so on. A buffer error vulnerability exists in musl libc version 1.2.1 and earlier versions, which stems from wcsnrtombs incorrectly handling a specific combination of...

5.5CVSS6.9AI score0.00644EPSS
Exploits0References19
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/11/16 6:8 a.m.58 views

Brute forcing device passwords

When working with IoT and embedded systems, brute-force password guessing attacks are an effective tool to gain access. Over the years, I’ve learned some tips and tricks to make these attacks more effective. What is brute forcing? Very simply, it’s guessing passwords so that you can find a valid...

7.8AI score
Exploits0
Rows per page
Query Builder