Vulnerabilities > Microchip > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-14 CVE-2020-12788 Information Exposure Through Discrepancy vulnerability in Microchip products
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.
network
low complexity
microchip CWE-203
5.0
2020-09-14 CVE-2020-12787 Unspecified vulnerability in Microchip products
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
network
microchip
4.3
2020-02-17 CVE-2020-9033 Path Traversal vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.
network
low complexity
microchip CWE-22
6.4
2020-02-17 CVE-2020-9032 Path Traversal vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.
network
low complexity
microchip CWE-22
6.4
2020-02-17 CVE-2020-9031 Path Traversal vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.
network
low complexity
microchip CWE-22
6.4
2020-02-17 CVE-2020-9030 Path Traversal vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.
network
low complexity
microchip CWE-22
6.4
2020-02-17 CVE-2020-9029 Path Traversal vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.
network
low complexity
microchip CWE-22
6.4
2020-02-17 CVE-2020-9028 Cross-site Scripting vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
network
microchip CWE-79
4.3
2020-02-17 CVE-2020-9034 Improper Input Validation vulnerability in Microchip products
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.
network
low complexity
microchip CWE-20
5.0
2020-02-10 CVE-2019-19195 Unspecified vulnerability in Microchip Atmsamb11 Blusdk Smart 6.2
The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
low complexity
microchip
6.1