Vulnerabilities > Microchip > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-19 CVE-2022-46401 Unspecified vulnerability in Microchip products
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
low complexity
microchip
5.4
5.4
2022-12-19 CVE-2022-46402 Improper Validation of Integrity Check Value vulnerability in Microchip products
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.
low complexity
microchip CWE-354
6.5
6.5
2021-01-19 CVE-2020-20950 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26.
network
high complexity
ietf microchip CWE-327
5.9
5.9
2020-10-22 CVE-2019-16128 Classic Buffer Overflow vulnerability in Microchip Cryptoauthlib
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).
low complexity
microchip CWE-120
6.8
6.8
2020-10-22 CVE-2019-16129 Classic Buffer Overflow vulnerability in Microchip Cryptoauthlib
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).
low complexity
microchip CWE-120
6.8
6.8
2020-02-17 CVE-2020-9033 Path Traversal vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.
network
low complexity
microchip CWE-22
6.5
6.5
2020-02-17 CVE-2020-9032 Path Traversal vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.
network
low complexity
microchip CWE-22
6.5
6.5
2020-02-17 CVE-2020-9031 Path Traversal vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.
network
low complexity
microchip CWE-22
6.5
6.5
2020-02-17 CVE-2020-9030 Path Traversal vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.
network
low complexity
microchip CWE-22
6.5
6.5
2020-02-17 CVE-2020-9029 Path Traversal vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.
network
low complexity
microchip CWE-22
6.5
6.5