197 matches found
Weston Embedded uC-FTPs Authentication authentication bypass vulnerability
Talos Vulnerability Report TALOS-2022-1680 Weston Embedded uC-FTPs Authentication authentication bypass vulnerability May 10, 2023 CVE Number CVE-2022-41985 SUMMARY An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially...
SA44508 - 2020-06: Out-of-Cycle Advisory: Multiple Vulnerabilities in Treck TCP/IP Embedded Software
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Treck IP network stack software is designed and used in a variety of embedded systems. The software can be licensed and integrated in various ways, including compiled from source,...
Micrium uC-HTTP 缓冲区错误漏洞
Micrium uC-HTTP is a software from Micrium USA that provides TCP/IP functionality for devices. The software is designed for embedded applications with a compact, reliable, high-performance TCP/IP stack with dual support for IPv4 and IPv6. A security vulnerability exists in Micrium uC-HTTP version...
DD-WRT httpd unescape memory corruption vulnerability
Summary A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested Versions DD-WRT Revision 322...
Cesanta MJS代码问题漏洞
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...
July 12, 2022—KB5015861 (Monthly Rollup)
None None...
Das U-Boot 缓冲区错误漏洞
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios & MicroBlaze. A security vulnerability exists in Das U-Boot versions v2020.10 through v2022.07-rc3. An attacker can...
Das U-Boot 缓冲区错误漏洞
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in Das U-Boot version 2022.07-rc5 and earlier versions, which stems from...
Das U-Boot 缓冲区错误漏洞
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. A security vulnerability exists in Das U-Boot 2022.01 and earlier versions, which stems from the...
The vulnerability of the kernel of microprogramming software in Qualcomm’s embedded chips allows a hacker to execute arbitrary code.
The vulnerability of microprogramming software in embedded Qualcomm chips relates to synchronization errors when using common resources. Exploiting this vulnerability can allow a hacker to execute arbitrary code...
Exploit for Embedded Malicious Code in Tukaani Xz
Home / Tags / Archives./archive...
AMD EPYC Embedded Processors 安全漏洞
AMD EPYC is an x86 server microprocessor product line from AMD, known as "Xiao Long" in Chinese, utilizing the Zen microarchitecture. A security vulnerability exists in AMD EPYC Embedded Processors, where an unprivileged process executed by a malicious hypervisor in a VM could maliciously take...
OESA-2021-1441 busybox security update
BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: An...
Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge
There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety...
Vulnerabilities found in NicheStack
Forescout researchers have found fourteen vulnerabilities found in NicheStack. This is a TCP/IP stack used primarily used in embedded systems and ICS/SCADA devices. Among Siemens, Honeywell, Rockwell Automation and Schneider Electric, among others are mentioned by Forescout as manufacturers that...
STMicroelectronics STM32Cube Middleware 安全漏洞
The Stmicroelectronics STMicroelectronics STM32Cube is a microcontroller for embedded systems from Stmicroelectronics Switzerland. A security vulnerability exists in the STMicroelectronics STM32Cube Middleware that can be exploited by an attacker to execute arbitrary code...
Cesanta MJS Stack Overflow Vulnerability (CNVD-2021-38649)
Cesanta MJS is an embedded JavaScript engine for C/C++, designed for microcontrollers with limited resources. A stack overflow vulnerability exists in parsemuldivrem in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...
Binary vulnerability in picoTCP, picoTCP-NG
picoTCP is a small footprint, modular TCP/IP stack designed for embedded systems and the Internet of Things. A binary vulnerability exists in picoTCP, picoTCP-NG, which can be exploited by an attacker to gain server control privileges...
Zephyr Out-of-Bounds Read Vulnerability
Zephyr is a small real-time operating system for connected, resource-constrained embedded devices. A security vulnerability exists in Zephyr versions = 1.14.2 and = 2.3.0. An attacker could exploit this vulnerability to achieve remote code execution...
The vulnerability in the `dns_parse_callback` function in the `network/lookup_name.c` library for the C language, used in Linux-based embedded operating systems, allows a attacker to cause a service failure.
The vulnerability of the dnsparsecallback function in the network/lookupname.c library for the C language, used in Linux-based operating systems, relates to the lack of restrictions on the number of addresses that can be entered. Exploiting this vulnerability could allow a remote attacker to caus...