Lucene search
+L

212 matches found

Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.6 views

PT-2025-24082 · Idf +1 · Idf +1

Name of the Vulnerable Software and Affected Versions: IDF versions 0.10.0-0C03-03 ZLF versions 0.10.0-0C03-04 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability that allows an attacker to store malicious JavaScript payload in the software, which will run in the victim's...

5.1CVSS5.4AI score0.003EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.5 views

PT-2025-24080 · Idf +1 · Idf +1

Name of the Vulnerable Software and Affected Versions: IDF versions 0.10.0-0C03-03 ZLF versions 0.10.0-0C03-04 Description: This issue allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this requires authenticating to the device and executi...

5.3CVSS6.2AI score0.00319EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.6 views

PT-2025-24096 · Idf +1 · Idf +1

Name of the Vulnerable Software and Affected Versions: IDF versions 0.10.0-0C03-03 ZLF versions 0.10.0-0C03-04 Description: The devices improperly handle TLS requests associated with PROCOME sockets. This can cause the device to reboot, resulting in a denial of service when TLS requests are sent ...

8.3CVSS6.4AI score0.00213EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.4 views

ZIV IDF和ZIV ZLF 代码注入漏洞

The ZIV IDF and ZIV ZLF are both transformer differential protection relays from ZIV Spain. A code injection vulnerability exists in ZIV IDF version v0.10.0-0C03-03 and ZLF version v0.10.0-0C03-04, which originates from a code injection that could lead to malicious code execution...

5.3CVSS7.7AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.10 views

CVE-2024-33453

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component...

8.1CVSS6.5AI score0.00954EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.11 views

CVE-2024-28183

ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use TOCTOU vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass...

6.1CVSS6.8AI score0.00208EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:24 a.m.8 views

CVE-2024-51428

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service DoS via a crafted data channel packet...

7.5CVSS6.7AI score0.00513EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:55 p.m.8 views

CVE-2021-28135

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service crash in ESP32 by flooding the target device with LMP Feature Response data...

6.5CVSS6.6AI score0.00854EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:17 p.m.10 views

CVE-2020-13595

The Bluetooth Low Energy BLE controller implementation in Espressif ESP-IDF 4.0 through 4.2 for ESP32 devices returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can...

6.5CVSS6.9AI score0.0087EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:49 p.m.8 views

CVE-2020-16146

Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btcblufirecvhandler function in blufiprf.c. An attacker can send a crafted BluFi protocol Write Attribute command to...

7.5CVSS7.2AI score0.01382EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:21 a.m.10 views

CVE-2019-15894

An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest verification at startup, and boot unverified code fr...

7.2CVSS7.9AI score0.00464EPSS
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2025/05/19 4:37 p.m.8 views

A Silicon Valley VC Got Israel Starlink Access Within Days of October 7 Attack

During a webinar hosted by Israel’s Defense Ministry, Sequoia Capital partner Shaun Maguire discussed helping connect Israel with SpaceX’s Starlink satellite internet far earlier than was known...

7.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/15 8:10 a.m.25 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

8.8CVSS7.2AI score0.00594EPSS
Exploits1References1
NVD
NVD
added 2025/03/13 5:15 p.m.9 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

8.8CVSS0.00594EPSS
Exploits1References2
CVE
CVE
added 2025/03/13 12:0 a.m.54 views

CVE-2024-53406

CVE-2024-53406 affects Espressif ESP-IDF v5.3.0. The issue is described as insecure permissions that enable authentication bypass, with the reconnection phase reusing a prior session key, creating a foothold for security bypass attacks. The documented CVSS v3.1 base score is 8.8 (HIGH) with netwo...

8.8CVSS7.4AI score0.00594EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/13 12:0 a.m.9 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

6.9AI score0.00594EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/13 12:0 a.m.23 views

CVE-2024-53406

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. In the reconnection phase, the device reuses the session key from a previous connection session, creating an opportunity for attackers to execute security bypass attacks...

0.00594EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/14 4:14 a.m.11 views

CVE-2024-33454

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component...

6.5CVSS7.8AI score0.01127EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:34 p.m.12 views

CVE-2022-24893

ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK ESP-BLE-MESH, a memory corruption vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. This can result in memory corruption...

8.8CVSS6.9AI score0.00521EPSS
Exploits0References1
NVD
NVD
added 2024/11/07 6:15 p.m.36 views

CVE-2024-51428

An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service DoS via a crafted data channel packet...

7.5CVSS0.00513EPSS
Exploits2References2
Rows per page
Query Builder