Lucene search
K

271 matches found

CVE
CVE
added 2024/04/22 12:0 a.m.61 views

CVE-2024-22807

The CVE-2024-22807 vulnerability affects the Tormach xsTECH CNC Router with PathPilot Controller v2.9.6. The issue enables attackers to erase a critical sector of the flash memory, resulting in the loss of network connectivity and firmware corruption. Documented impacts include degraded device re...

6.5CVSS6.9AI score0.00421EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/04/22 12:0 a.m.16 views

CVE-2024-22807

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...

6.8AI score0.00421EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/22 12:0 a.m.12 views

CVE-2024-22807

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...

7AI score0.00421EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/22 12:0 a.m.4 views

Tormach PathPilot Controller 安全漏洞

Tormach PathPilot Controller is a series of controllers from Tormach USA. A security vulnerability exists in Tormach PathPilot Controller version v2.9.6. An attacker exploited the vulnerability to erase critical sectors of flash memory, causing the machine to lose network connectivity and suffer...

6.5CVSS6.8AI score0.00421EPSS
Exploits0References2
NVD
NVD
added 2024/04/18 11:15 p.m.24 views

CVE-2024-1491

The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...

8.7CVSS8AI score0.00553EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/18 10:13 p.m.29 views

CVE-2024-1491 Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function

The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...

8.7CVSS8AI score0.00553EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.4 views

PT-2024-18089 · Unknown · Electrolink Fm/Dab/Tv Transmitter

Name of the Vulnerable Software and Affected Versions: Electrolink FM/DAB/TV Transmitter affected versions not specified Description: The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides ...

8.7CVSS7.4AI score0.00553EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/03/25 12:0 a.m.8 views

ESP-IDF 安全漏洞

ESP-IDF is an open source development framework for Espressif SoCs supported on Windows, Linux and macOS by Espressif Systems. ESP-IDF has a security vulnerability that stems from the presence of a TOCTOU vulnerability. The vulnerability allows an attacker with physical access to the device's fla...

6.1CVSS5.9AI score0.00208EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.27 views

Cisco IP Phones Information Disclosure (CVE-2022-20660)

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device...

4.6CVSS5.2AI score0.00351EPSS
Exploits3References4
CNVD
CNVD
added 2024/03/13 12:0 a.m.20 views

Siemens SENTRON 7KM PAC3x20 Devices Improper Access Control Vulnerability

SENTRON PAC Meter products are power measurement devices for precise energy management and transparent information acquisition. An improper access control vulnerability exists in the Siemens SENTRON 7KM PAC3x20 Devices due to read protection not being properly set on the internal flash memory of...

5.1CVSS6.5AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2024/02/28 9:15 a.m.6 views

UBUNTU-CVE-2020-36786

In the Linux kernel, the following vulnerability has been resolved: media: next staging: media: atomisp: fix memory leak of object flash In the case where the call to lm3554platformdatafunc returns an error there is a memory leak on the error return path of object flash. Fix this by adding an err...

5.5CVSS5.7AI score0.00222EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.3 views

AMD EPYC Security Vulnerability

AMD EPYC is an x86 server microprocessor product line from AMD Semiconductor, known as "Xiao Long" in Chinese, utilizing the Zen microarchitecture. A security vulnerability exists in AMD EPYC™ Processors. The vulnerability can be exploited to write to the SPI flash memory to execute arbitrary cod...

7.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/13 12:0 a.m.7 views

PT-2024-11958 · Unknown · System Management Mode

Name of the Vulnerable Software and Affected Versions: System Management Mode SMM affected versions not specified Description: The issue is related to improper access control in System Management Mode SMM, which may allow an attacker to access the SPI flash, potentially leading to arbitrary code...

7.1CVSS8.2AI score0.00173EPSS
Exploits0References7
Exploit DB
Exploit DB
added 2024/02/02 12:0 a.m.380 views

Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution

Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...

7.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.23 views

Security Bulletin: Denial of service vulnerability affects IBM Unified Extensible Firmware Interface (CVE-2018-9085)

Summary IBM System x, Flex and BladeCenter systems have addressed the following denial of service vulnerability in Unified Extensible Firmware Interface UEFI. Vulnerability Details CVEID: CVE-2018-9085 DESCRIPTION: Lenovo System x is vulnerable to a denial of service, caused by missing flash memo...

4.9CVSS0.5AI score0.00664EPSS
Exploits0Affected Software3
The Hacker News
The Hacker News
added 2023/11/02 8:59 a.m.123 views

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

As many as 34 unique vulnerable Windows Driver Model WDM and Windows Driver Frameworks WDF drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems. "By exploiting the drivers, an attacker without privilege...

7.8CVSS8AI score0.0046EPSS
Exploits1
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.5 views

Silicon Labs OpenThread SDK Security Vulnerability

Silicon Labs OpenThread SDK is a software development kit from Silicon Labs, Inc. that supports the development and deployment of the Thread protocol. A security vulnerability exists in the Silicon Labs OpenThread SDK that stems from the presence of a security key missing encryption vulnerability...

9.1CVSS6.7AI score0.00206EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/26 12:0 a.m.7 views

Silicon Labs OpenThread SDK Security Vulnerability

Silicon Labs OpenThread SDK is a software development kit from Silicon Labs, Inc. that supports the development and deployment of the Thread protocol. A security vulnerability exists in the Silicon Labs OpenThread SDK that stems from the presence of a security key missing encryption vulnerability...

6.8CVSS6.7AI score0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/03 3:15 p.m.3 views

CVE-2023-28468

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...

6.5CVSS5.9AI score0.00154EPSS
Exploits0References3
NVD
NVD
added 2023/06/15 8:15 p.m.27 views

CVE-2023-2747

The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized...

5.5CVSS4.4AI score0.00164EPSS
Exploits0References2
Rows per page
Query Builder