CVE-2022-40480
https://notcve.org/view.php?id=CVE-2022-40480
Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. • https://blediff.github.io •
CVE-2022-35624
https://notcve.org/view.php?id=CVE-2022-35624
In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN. • https://docs.google.com/document/d/1BrgB1bQiL-cMXQGaXJWSSyaZY51Zxomp/edit?usp=sharing&ouid=112184420235437308950&rtpof=true&sd=true • CWE-787: Out-of-bounds Write •
CVE-2022-35623
https://notcve.org/view.php?id=CVE-2022-35623
In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth. • https://docs.google.com/document/d/1Y3sB5JbyrTIOgvA1h9X6o8pJQBG4PjWF/edit?usp=sharing&ouid=112184420235437308950&rtpof=true&sd=true • CWE-787: Out-of-bounds Write •
CVE-2020-27211
https://notcve.org/view.php?id=CVE-2020-27211
Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. The flash read-out protection (APPROTECT) can be bypassed by injecting a fault during the boot phase. • https://eprint.iacr.org/2021/640 https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html https://www.aisec.fraunhofer.de/en/FirmwareProtection.html • CWE-203: Observable Discrepancy •
CVE-2021-29415
https://notcve.org/view.php?id=CVE-2021-29415
The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the Nordic Semiconductor nRF52840 through 2021-03-29 has a non-constant-time ECDSA implementation. This allows an adversary to recover the private ECC key used during an ECDSA operation. • https://eprint.iacr.org/2021/640 https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html https://www.sit.fraunhofer.de/en/news-events/downloads-services/cve • CWE-203: Observable Discrepancy •