CVSS: 9.8EPSS: 78%CPEs: 2EXPL: 0CVE-2022-40022 – Symmetricom SyncServer Unauthenticated Remote Command Execution
https://notcve.org/view.php?id=CVE-2022-40022
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. • http://packetstormsecurity.com/files/172907/Symmetricom-SyncServer-Unauthenticated-Remote-Command-Execution.html https://www.microsemi.com/campaigns/network-time-servers/S650p/%3Fgd%3D1&id=5&gclid=Cj0KCQjwjbyYBhCdARIsAArC6LL-202ej5YfDB5lMIMSZ2735qjo5yaj2i-PrvLv2Cnh_kIJtFJ0oF8aAlMpEALw_wcB https://www.microsemi.com/campaigns/network-time-servers/syncserver-s600/?url= https://www.microsemi.com/document-portal/doc_download/135737-datasheet-syncserver-s650 https://www.securifera.com/advisories/CVE-2022-40022 https://nvd.nist.gov/vuln/detail • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-45192
https://notcve.org/view.php?id=CVE-2022-45192
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. • https://blediff.github.io •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-45191
https://notcve.org/view.php?id=CVE-2022-45191
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. • https://www.microchip.com/en-us/support/product-change-notification • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40480
https://notcve.org/view.php?id=CVE-2022-40480
Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. • https://blediff.github.io •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-45190
https://notcve.org/view.php?id=CVE-2022-45190
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. • https://blediff.github.io • CWE-306: Missing Authentication for Critical Function •