Vulnerabilities > Idemia > Morphowave SP Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-15 | CVE-2023-33218 | Out-of-bounds Write vulnerability in Idemia products. The Parameter Zone Read and Parameter Zone Write command handlers allow a stack buffer overflow. | 9.8 |
2023-12-15 | CVE-2023-33219 | Out-of-bounds Write vulnerability in Idemia products. The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. | 9.8 |
2023-12-15 | CVE-2023-33220 | Out-of-bounds Write vulnerability in Idemia products. During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. | 9.8 |
2023-12-15 | CVE-2023-33221 | Out-of-bounds Write vulnerability in Idemia products. When reading DesFire keys, the function that reads the card doesn't properly check the boundaries when internally copying the data received. | 9.8 |
2023-12-15 | CVE-2023-33222 | Out-of-bounds Write vulnerability in Idemia products. When handling contactless cards, the firmware uses a specific function to get additional information from the card, and that function doesn't check the boundary on the data received while reading. | 9.8 |
2023-12-15 | CVE-2023-33217 | Unspecified vulnerability in Idemia products. By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal, it's possible to cause a permanent denial of service for the terminal. | 7.5 |
2023-11-28 | CVE-2023-4667 | Cross-site Scripting vulnerability in Idemia products. The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. | 4.8 |