
CVE-2020-9033
https://notcve.org/view.php?id=CVE-2020-9033
17 Feb 2020 — Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. • https://sku11army.blogspot.com/2020/01/symmetricom-syncserver.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-9034
https://notcve.org/view.php?id=CVE-2020-9034
17 Feb 2020 — Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. • https://sku11army.blogspot.com/2020/01/symmetricom-syncserver_27.html

CVE-2019-19195
https://notcve.org/view.php?id=CVE-2019-19195
10 Feb 2020 — The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. • https://asset-group.github.io/disclosures/sweyntooth

CVE-2019-15809
https://notcve.org/view.php?id=CVE-2019-15809
03 Oct 2019 — Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks th... • http://www.openwall.com/lists/oss-security/2019/10/02/2 • CWE-203: Observable Discrepancy

CVE-2009-1674 – MPLAB IDE 8.30 - '.mcp' Universal Overwrite (SEH)
https://notcve.org/view.php?id=CVE-2009-1674
18 May 2009 — Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608. • https://www.exploit-db.com/exploits/8656 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-1608 – MPLAB IDE 8.30 - '.mcp' Universal Overwrite (SEH)
https://notcve.org/view.php?id=CVE-2009-1608
11 May 2009 — Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields. • https://www.exploit-db.com/exploits/8656 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2006-2482
https://notcve.org/view.php?id=CVE-2006-2482
08 Sep 2006 — Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856. • http://secunia.com/advisories/20270 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer