CVE-2024-50084 net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test(). Commit a3c1e45156ad ("net: microchip: vcap: Fix use-after-free error in kunit test") fixed the use-after-free error, but introduced below memory leaks by removing...
The vulnerability of the vcap_api_encode_rule_test() function in the network adapter driver from Microchip’s Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the vcap_api_encode_rule_test() function in the drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c file of the network adapter driver software for Microchip’s Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an...
CVE-2024-29155 Denial of service on Microchip RN4870 devices
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked...
CVE-2024-29155
The CVE-2024-29155 entry concerns Microchip RN4870 devices. Affected software/hardware: Microchip RN4870 (Bluetooth Low Energy module) as described in the provided records. Vulnerable component: the pairing flow handling for consecutive PairReqNoInputNoOutput requests. Root cause: when more than ...
Microchip RN4870 Input Validation Error Vulnerability
The Microchip RN4870 is a Bluetooth low energy module chip from Microchip, Inc. The Microchip RN4870 suffers from an input validation error vulnerability that stems from the fact that when the device receives multiple PairReqNoInputNoOutput requests in a row, it will not be able to complete the...
CVE-2024-46831
...
PT-2024-22772 · Microchip · Microchip Rn4870
Name of the Vulnerable Software and Affected Versions: Microchip RN4870 (affected versions not specified). Description: The issue occurs when more than one consecutive PairReqNoInputNoOutput request is received, causing the device to become incapable of completing the pairing process. A third party...
CVE-2024-43687
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-7801
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-9054
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before...
CVE-2024-43685
Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking. This issue affects TimeProvider 4100: from 1.0 before 2.4.7...
CVE-2024-43684
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0...
CVE-2024-43683 Improper verification of the Host header in TimeProvider 4100
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers. This issue affects TimeProvider 4100: from 1.0...
CVE-2024-43683
CVE-2024-43683 affects Microchip TimeProvider 4100 (from v1.0). The issue is an improper verification of the Host header leading to a URL Redirection to an untrusted site, enabling cross-site scripting via HTTP headers (open redirect). Public documents indicate affected versions start at 1.0, but...