36 matches found
CVE-2026-6682
In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mountvolume where fasize = fs-nfats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 Integer Overflow or Wraparound. Estimated CVSS v3.1 vector:...
CVE-2026-45328
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...
CVE-2026-45328 ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...
CVE-2026-45328
The CVE concerns ESF-IDF’s ESP-IDF esp_tee component. In versions 5.5.4 and 6.0, the secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c bridge calls from the REE to TEE-protected peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and security features (attestation, OTA,...
PT-2026-48350
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esp tee component exposes secure-service wrappers in esp secure services.c and esp secure services iram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware...
CVE-2025-44018
CVE-2025-44018 affects the GL.iNet GL-AXT1800 OTA Update mechanism (firmware 4.7.0). A specially crafted .tar enables a firmware downgrade, which a motivated attacker could trigger via a man‑in‑the‑middle scenario. Cisco Talos documents the vulnerable version (GL-AXT1800 4.7.0) and assigns CVSS v...
EUVD-2016-7802
Malware in sbrugna...
EUVD-2021-0071
Malware in sbrugna...
EUVD-2017-4782
Malware in sbrugna...
EUVD-2016-7800
Malware in sbrugna...
EUVD-2023-58563
Malicious code in bioql PyPI...
CVE-2023-6321
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability...
CVE-2023-6321 Owlet Camera OS command injection
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability...
CVE-2023-6321 Owlet Camera OS command injection
A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability...
CVE-2023-6321
The CVE-2023-6321 issue is described across connected sources as a command-injection vulnerability in the IOCTL handler that manages OTA updates on Owlet Cam OS. The underlying flaw allows an authenticated attacker to execute commands with root privileges, potentially taking full control of affec...
CVE-2021-41104
ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...
CVE-2021-41104
ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...
Default credentials
ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...
PYSEC-2021-351
ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...
PYSEC-2021-351
ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...