Lucene search
K

48 matches found

OSV
OSV
added 2026/01/12 5:26 p.m.5 views

CVE-2025-68657 espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path

Espressif ESP-IDF USB Host HID Human Interface Device Driver allows access to HID devices. Prior to 1.1.0, calls to hidhostdeviceclose can free the same usbtransfert twice. The USB event callback and user code share the hidifacet state without locking, so both can tear down a READY interface...

6.4CVSS7AI score0.00139EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.5 views

PT-2026-2284

Name of the Vulnerable Software and Affected Versions Espressif ESP-IDF versions prior to 1.1.0 Description The USB Host HID Human Interface Device Driver in ESP-IDF allows access to HID devices. A flaw exists in the usb class request get descriptor function where it frees and reallocates hid...

6.8CVSS6.2AI score0.00183EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/09 12:10 p.m.11 views

CVE-2018-18558

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...

6.9CVSS7.5AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:24 a.m.14 views

CVE-2021-28139

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon reception of an LMP Feature Response Extended packet, allowing attackers in radio range to trigger arbitrary code execution in ESP32 via a crafted Extended Features bitfield...

8.8CVSS7.6AI score0.0139EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/17 12:0 a.m.4 views

Espressif ESP-IDF 代码问题漏洞

Espressif ESP-IDF is an Internet of Things IoT development framework from China Loxin Espressif. A code issue vulnerability exists in Espressif ESP-IDF that stems from improper handling of invalid access addresses, which could lead to advertisement stops and false connection reports...

6.9CVSS6.9AI score0.00356EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-8112

Malware in sbrugna...

7.5CVSS7.5AI score0.01382EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2021-14838

Malware in sbrugna...

8.8CVSS8.6AI score0.0139EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-10278

Malware in sbrugna...

6.9CVSS6.5AI score0.0039EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-14835

Malware in sbrugna...

6.5CVSS6.5AI score0.00872EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-5841

Malware in sbrugna...

6.5CVSS6.6AI score0.00756EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 4:17 p.m.9 views

CVE-2020-13595

The Bluetooth Low Energy BLE controller implementation in Espressif ESP-IDF 4.0 through 4.2 for ESP32 devices returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can...

6.5CVSS6.9AI score0.0087EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:49 p.m.6 views

CVE-2020-16146

Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btcblufirecvhandler function in blufiprf.c. An attacker can send a crafted BluFi protocol Write Attribute command to...

7.5CVSS7.2AI score0.01382EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:21 a.m.9 views

CVE-2019-15894

An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code fr...

7.2CVSS7.9AI score0.00464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/15 8:10 a.m.25 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

8.8CVSS7.2AI score0.00594EPSS
Exploits1References1
NVD
NVD
added 2025/03/13 5:15 p.m.9 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

8.8CVSS0.00594EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/07 12:0 a.m.24 views

CVE-2024-51428

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service DoS via a crafted data channel packet...

0.00513EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/11/07 12:0 a.m.5 views

PT-2024-34631 · Espressif · Espressif Esp-Idf

Name of the Vulnerable Software and Affected Versions: Espressif Esp idf version 5.3.0 Description: The issue allows attackers to cause a Denial of Service DoS via a crafted data channel packet. This can be exploited by sending a specially crafted packet to the affected system. Recommendations: F...

7.5CVSS6.8AI score0.00513EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2024/11/07 12:0 a.m.15 views

CVE-2024-51428

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service DoS via a crafted data channel packet...

6.7AI score0.00513EPSS
Exploits2References2
CVE
CVE
added 2024/11/07 12:0 a.m.74 views

CVE-2024-51428

CVE-2024-51428 affects Espressif ESP-IDF, specifically version 5.3.0 , where a vulnerability in the data channel handling can allow an unauthenticated attacker to cause a Denial of Service (DoS) by sending a crafted data channel packet. The available documents consistently describe DoS impact but...

7.5CVSS6.9AI score0.00513EPSS
Exploits2References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/10/08 12:0 a.m.7 views

The vulnerability of the Bluetooth Classic environment for developing IoT applications allows a attacker to execute arbitrary code.

The vulnerability of the Espressif esp-idf software is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.8CVSS8.3AI score0.0139EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder