Lucene search
+L

211 matches found

redhatcve
redhatcve
added 2026/06/11 2:59 a.m.11 views

CVE-2026-45329

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS5.4AI score0.00117EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/10 12:35 a.m.9 views

CVE-2026-46532 ESF-IDF: Heap Out-of-Bounds Read in Bluedroid AVRCP Target Parser

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser avrcparsvendorcmd in components/bt/host/bluedroid/stack/avrc/avrcparstg.c. This issue has been patched ...

4.6CVSS5.4AI score0.00228EPSS
Exploits0References7
cve
cve
added 2026/06/10 12:35 a.m.49 views

CVE-2026-46532

CVE-2026-46532 describes a heap/out-of-bounds read in Espressif’s ESF-IDF (IoT Development Framework) due to the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd) in bluedroid. Affected versions are 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0. The issue has been patched in 5.2.7, 5.3.6, 5.4.5,...

4.6CVSS5.4AI score0.00228EPSS
Exploits0References7Affected Software1
vulnrichment
vulnrichment
added 2026/06/10 12:34 a.m.8 views

CVE-2026-45542 ESF-IDF: Heap buffer overflow in protocomm Security2 over Bluetooth

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handlesessioncommand0 in...

7.1CVSS5.7AI score0.00325EPSS
Exploits0References7
osv
osv
added 2026/06/10 12:34 a.m.3 views

CVE-2026-45542 ESF-IDF: Heap buffer overflow in protocomm Security2 over Bluetooth

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handlesessioncommand0 in...

7.1CVSS6.2AI score0.00325EPSS
Exploits0References9
osv
osv
added 2026/06/10 12:34 a.m.3 views

CVE-2026-45329 ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References6
cve
cve
added 2026/06/10 12:33 a.m.30 views

CVE-2026-45328

The CVE concerns ESF-IDF’s ESP-IDF esp_tee component. In versions 5.5.4 and 6.0, the secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c bridge calls from the REE to TEE-protected peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and security features (attestation, OTA,...

9.3CVSS5.3AI score0.00126EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2026/06/10 12:26 a.m.42 views

CVE-2026-45160 ESF-IDF: Out-of-bounds Read in lwIP DHCP Server Option Parser

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

6.5CVSS0.00246EPSS
Exploits0References7
cve
cve
added 2026/06/10 12:25 a.m.29 views

CVE-2026-45541

The CVE describes a NULL-pointer dereference in the WebSocket subprotocol-negotiation path of the esp_http_server component in ESF-IDF. During the WebSocket handshake, parsing the clientS WebSocket Protocol header may dereference a NULL tokenisation result, causing a crash before any application...

7.5CVSS5.4AI score0.00439EPSS
Exploits0References7Affected Software1
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.25 views

PT-2026-48353

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handle session command0 in...

7.1CVSS5.7AI score0.00325EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.22 views

PT-2026-48354

Name of the Vulnerable Software and Affected Versions ESF-IDF version 5.2.6 ESF-IDF version 5.3.5 ESF-IDF version 5.4.4 ESF-IDF version 5.5.3 ESF-IDF version 6.0 Description An out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser within the avrc pars vendor cmd function located ...

4.6CVSS5.3AI score0.00228EPSS
Exploits0References10
packetstormnews
packetstormnews
added 2026/04/13 12:0 a.m.8 views

A Synthetic Conversational Smishing Dataset for Social Engineering Detection

Smishing SMS phishing has become a serious cybersecurity threat, especially for elderly and cyber-unaware individuals, causing financial loss and undermining user trust. Although prior work has focused on detecting smishing at the level of individual messages, real-world attackers often rely on...

5.8AI score
Exploits0
nessus
nessus
added 2026/02/13 12:0 a.m.7 views

openSUSE 16 Security Update : micropython (openSUSE-SU-2026:20199-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20199-1 advisory. Changes in micropython: - CVE-2026-1998: Fixed segmentation fault in mpmaplookup via mpimportall bsc1257803. - Version 1.26.1 esp32: update esptinyusb...

5.5CVSS4.8AI score0.00203EPSS
Exploits1References3
nvd
nvd
added 2026/02/04 6:16 p.m.18 views

CVE-2026-25507

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport protocommble layer. The issue can be triggered by a remote BLE client while the device is in...

6.3CVSS0.00199EPSS
Exploits0References8
osv
osv
added 2026/02/04 5:58 p.m.9 views

CVE-2026-25508 ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisioning

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport protocommble. The issue can be triggered by a remote B...

6.3CVSS5.7AI score0.00204EPSS
Exploits0References10
attackerkb
attackerkb
added 2026/02/04 5:58 p.m.8 views

CVE-2026-25508

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport protocommble. The issue can be triggered by a remote B...

6.3CVSS5.7AI score0.00204EPSS
Exploits0References9
cve
cve
added 2026/02/04 5:58 p.m.20 views

CVE-2026-25507

The CVE concerns ESF-IDF (Espressif IoT Development Framework) with a use-after-free in the BLE provisioning transport (protocomm_ble). Affected versions are 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6. When provisioning is stopped with keep_ble_on = true, internal protocomm_ble state and GATT metadata...

6.3CVSS5.5AI score0.00199EPSS
Exploits0References8Affected Software1
osv
osv
added 2026/02/04 5:58 p.m.12 views

CVE-2026-25507 ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport protocommble layer. The issue can be triggered by a remote BLE client while the device is in...

6.3CVSS5.5AI score0.00199EPSS
Exploits0References10
cvelist
cvelist
added 2026/02/04 5:58 p.m.39 views

CVE-2026-25507 ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport protocommble layer. The issue can be triggered by a remote BLE client while the device is in...

6.3CVSS0.00199EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/02/04 5:58 p.m.13 views

CVE-2026-25532

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS Wi-Fi Protected Setup Enrollee implementation where malformed EAP-WSC packets with truncated payloads can cause integer underflow during...

6.3CVSS5.5AI score0.00213EPSS
Exploits0References9
Rows per page
Query Builder