Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which occurs when sending ICMP ping messages to the device’s own IPv4 address using the net ping shell command. This causes the network stack to recursively re-ente...

CVE-2022-31206

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

Zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr that stems from a contention condition in the entry point of a system call, which could lead to elevation of privilege by a malicious userspace process...

PT-2025-44929

Name of the Vulnerable Software and Affected Versions Automotive Software platform based on QNX affected versions not specified Description An information disclosure issue exists when processing messages from a client with an invalid payload. The issue involves a buffer over-read. Recommendations...

PT-2025-44927

Name of the Vulnerable Software and Affected Versions Automotive Software platform based on QNX affected versions not specified Description A memory corruption issue exists when processing client messages during device management. This is a stack-based buffer overflow. Recommendations At the...

EUVD-2022-52790

Malicious code in bioql PyPI...

EUVD-2024-29855

Malicious code in bioql PyPI...

EUVD-2024-29121

Malicious code in bioql PyPI...

Zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr. An attacker exploited the vulnerability to cause a global buffer overflow...

The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks

Hunting for vulnerabilities in industrial environments has become increasingly important as industrial control systems and critical infrastructure face threats from state-sponsored actors and ransomware groups hoping to cash out on million-dollar payments. Fuzzing has long been one of our favorit...

Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server. The first post highlighted code modifications necessary for developing a fuzzing harness tailored for the µC/HTTP-server. The second discussed a techniqu...

Zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr 3.6 and earlier versions that stems from a missing check that results in a divide-by-zero error...

Code injection

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affe...

CVE-2024-28115 Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affe...

UBUNTU-CVE-2021-42553

A buffer overflow vulnerability in stm32mwusbhost of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBHMAXNUMENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs...

Microsoft Azure Real Time Operating System 代码注入漏洞

Microsoft Azure Real Time Operating System Azure RTOS is an embedded development kit from Microsoft Corporation USA that includes a small but powerful operating system that delivers reliable, ultra-fast performance for resource-constrained devices. A code injection vulnerability exists in Microso...

CVE-2022-31206

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

Zephyr Denial of Service Vulnerability (CNVD-2022-60682)

Zephyr an extensible real-time operating system RTOS. a denial of service vulnerability exists in Zephyr version v2.5.0 and later, which stems from the use of repeated LLFEATUREREQ reachable assertions. An attacker could exploit this vulnerability to cause a denial of service attack...

Vulnerabilities fixed in Microsoft Azure

Vulnerabilities have been fixed in Microsoft Azure components. A malicious party could exploit the vulnerabilities to obtain elevated privileges, or to gain access to sensitive data in the context of the victim. Microsoft states for several of the vulnerabilities listed below to be in possession ...

Microsoft Azure Real Time Operating System 安全漏洞

Microsoft Azure Real Time Operating System Azure RTOS is an embedded development kit from Microsoft Corporation USA that includes a small but powerful operating system that delivers reliable, ultra-fast performance for resource-constrained devices. A security vulnerability exists in the Microsoft...