271 matches found
CVE-2024-22807
The CVE-2024-22807 vulnerability affects the Tormach xsTECH CNC Router with PathPilot Controller v2.9.6. The issue enables attackers to erase a critical sector of the flash memory, resulting in the loss of network connectivity and firmware corruption. Documented impacts include degraded device re...
CVE-2024-22807
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...
CVE-2024-22807
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...
Tormach PathPilot Controller 安全漏洞
Tormach PathPilot Controller is a series of controllers from Tormach USA. A security vulnerability exists in Tormach PathPilot Controller version v2.9.6. An attacker exploited the vulnerability to erase critical sectors of flash memory, causing the machine to lose network connectivity and suffer...
CVE-2024-1491
The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...
CVE-2024-1491 Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function
The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory...
PT-2024-18089 · Unknown · Electrolink Fm/Dab/Tv Transmitter
Name of the Vulnerable Software and Affected Versions: Electrolink FM/DAB/TV Transmitter affected versions not specified Description: The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides ...
ESP-IDF 安全漏洞
ESP-IDF is an open source development framework for Espressif SoCs supported on Windows, Linux and macOS by Espressif Systems. ESP-IDF has a security vulnerability that stems from the presence of a TOCTOU vulnerability. The vulnerability allows an attacker with physical access to the device's fla...
Cisco IP Phones Information Disclosure (CVE-2022-20660)
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device...
Siemens SENTRON 7KM PAC3x20 Devices Improper Access Control Vulnerability
SENTRON PAC Meter products are power measurement devices for precise energy management and transparent information acquisition. An improper access control vulnerability exists in the Siemens SENTRON 7KM PAC3x20 Devices due to read protection not being properly set on the internal flash memory of...
UBUNTU-CVE-2020-36786
In the Linux kernel, the following vulnerability has been resolved: media: next staging: media: atomisp: fix memory leak of object flash In the case where the call to lm3554platformdatafunc returns an error there is a memory leak on the error return path of object flash. Fix this by adding an err...
AMD EPYC Security Vulnerability
AMD EPYC is an x86 server microprocessor product line from AMD Semiconductor, known as "Xiao Long" in Chinese, utilizing the Zen microarchitecture. A security vulnerability exists in AMD EPYC™ Processors. The vulnerability can be exploited to write to the SPI flash memory to execute arbitrary cod...
PT-2024-11958 · Unknown · System Management Mode
Name of the Vulnerable Software and Affected Versions: System Management Mode SMM affected versions not specified Description: The issue is related to improper access control in System Management Mode SMM, which may allow an attacker to access the SPI flash, potentially leading to arbitrary code...
Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution
Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100...
Security Bulletin: Denial of service vulnerability affects IBM Unified Extensible Firmware Interface (CVE-2018-9085)
Summary IBM System x, Flex and BladeCenter systems have addressed the following denial of service vulnerability in Unified Extensible Firmware Interface UEFI. Vulnerability Details CVEID: CVE-2018-9085 DESCRIPTION: Lenovo System x is vulnerable to a denial of service, caused by missing flash memo...
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
As many as 34 unique vulnerable Windows Driver Model WDM and Windows Driver Frameworks WDF drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems. "By exploiting the drivers, an attacker without privilege...
Silicon Labs OpenThread SDK Security Vulnerability
Silicon Labs OpenThread SDK is a software development kit from Silicon Labs, Inc. that supports the development and deployment of the Thread protocol. A security vulnerability exists in the Silicon Labs OpenThread SDK that stems from the presence of a security key missing encryption vulnerability...
Silicon Labs OpenThread SDK Security Vulnerability
Silicon Labs OpenThread SDK is a software development kit from Silicon Labs, Inc. that supports the development and deployment of the Thread protocol. A security vulnerability exists in the Silicon Labs OpenThread SDK that stems from the presence of a security key missing encryption vulnerability...
CVE-2023-28468
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...
CVE-2023-2747
The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized...