CVE-2024-50084 net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcapapiencoderuletest Commit a3c1e45156ad "net: microchip: vcap: Fix use-after-free error in kunit test" fixed the use-after-free error, but introduced below memory leaks by removing...

CVE-2024-50084 net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcapapiencoderuletest Commit a3c1e45156ad "net: microchip: vcap: Fix use-after-free error in kunit test" fixed the use-after-free error, but introduced below memory leaks by removing...

CVE-2024-50084

In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcapapiencoderuletest Commit a3c1e45156ad "net: microchip: vcap: Fix use-after-free error in kunit test" fixed the use-after-free error, but introduced below memory leaks by removing...

The vulnerability of the vcap_api_encode_rule_test() function in the network adapter driver from Microchip’s Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the vcapapiencoderuletest function in the drivers/net/ethernet/microchip/vcap/vcapapikunit.c file of the network adapter driver software for Microchip’s Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an...

CVE-2024-29155

On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked...

CVE-2024-29155 Denial of service on Microchip RN4870 devices

On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked...

CVE-2024-29155 Denial of service on Microchip RN4870 devices

On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked...

CVE-2024-29155

The CVE-2024-29155 entry concerns Microchip RN4870 devices. Affected software/hardware: Microchip RN4870 (Bluetooth Low Energy module) as described in the provided records. Vulnerable component: the pairing flow handling for consecutive PairReqNoInputNoOutput requests. Root cause: when more than ...

net: microchip: vcap: Fix use-after-free error in kunit test

...

Microchip RN4870 输入验证错误漏洞

The Microchip RN4870 is a Bluetooth low energy module chip from Microchip, Inc. The Microchip RN4870 suffers from an input validation error vulnerability that stems from the fact that when the device receives multiple PairReqNoInputNoOutput requests in a row, it will not be able to complete the...

PT-2024-22772 · Microchip · Microchip Rn4870

Name of the Vulnerable Software and Affected Versions: Microchip RN4870 affected versions not specified Description: The issue occurs when more than one consecutive PairReqNoInputNoOutput request is received, causing the device to become incapable of completing the pairing process. A third party...

CVE-2024-43687

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

CVE-2024-43687

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimeProvider 4100 banner config modules allows Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

CVE-2024-9054

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection.This issue affects TimeProvider 4100: from 1.0 before...

CVE-2024-7801

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

CVE-2024-7801

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

CVE-2024-43684

Cross-Site Request Forgery CSRF vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0...

CVE-2024-43683

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0...

CVE-2024-43684

Cross-Site Request Forgery CSRF vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting XSS.This issue affects TimeProvider 4100: from 1.0...

CVE-2024-43685

Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7...