Vendor CVEs
Microchip
All CVEs
49 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-40022 | Cri | 0.74 | 9.8 | 0.92 | Feb 13, 2023 | Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. | ||
| CVE-2024-22216 | Cri | 0.65 | 10.0 | 0.01 | Jan 8, 2024 | In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484… | ||
| CVE-2025-9497 | Cri | 0.64 | 9.8 | 0.00 | Mar 28, 2026 | Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0. | ||
| CVE-2020-27636 | Cri | 0.59 | 9.1 | 0.01 | Oct 10, 2023 | In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. | ||
| CVE-2019-16127 | Cri | 0.59 | 9.1 | 0.02 | Oct 22, 2020 | Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. | ||
| CVE-2022-46403 | Hig | 0.56 | 8.6 | 0.01 | Dec 19, 2022 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages. | ||
| CVE-2022-46399 | Hig | 0.49 | 7.5 | 0.01 | Dec 19, 2022 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero. | ||
| CVE-2021-37605 | Hig | 0.49 | 7.5 | 0.01 | Aug 5, 2021 | In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes. | ||
| CVE-2021-37604 | Hig | 0.49 | 7.5 | 0.01 | Aug 5, 2021 | In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame… | ||
| CVE-2020-12789 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2020 | The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. | ||
| CVE-2020-12788 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2020 | CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. | ||
| CVE-2020-12787 | Hig | 0.49 | 7.5 | 0.01 | Sep 14, 2020 | Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | ||
| CVE-2022-45192 | Med | 0.42 | 6.5 | 0.00 | Feb 8, 2023 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. | ||
| CVE-2022-45191 | Med | 0.42 | 6.5 | 0.00 | Feb 8, 2023 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. | ||
| CVE-2022-46402 | Med | 0.42 | 6.5 | 0.00 | Dec 19, 2022 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values. | ||
| CVE-2019-19195 | Med | 0.42 | 6.5 | 0.01 | Feb 10, 2020 | The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | ||
| CVE-2024-4760 | Med | 0.41 | 6.3 | 0.00 | May 16, 2024 | A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set. | ||
| CVE-2023-23588 | Med | 0.40 | 6.2 | 0.00 | Apr 11, 2023 | A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows),… | ||
| CVE-2020-20950 | Med | 0.38 | 5.9 | 0.01 | Jan 19, 2021 | Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server… | ||
| CVE-2019-16128 | Med | 0.37 | 6.8 | 0.01 | Oct 22, 2020 | Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2). | ||
| CVE-2019-16129 | Med | 0.37 | 6.8 | 0.01 | Oct 22, 2020 | Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2). | ||
| CVE-2022-46401 | Med | 0.35 | 5.4 | 0.01 | Dec 19, 2022 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete. | ||
| CVE-2022-46400 | Med | 0.35 | 5.4 | 0.01 | Dec 19, 2022 | The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing. | ||
| CVE-2022-45190 | Med | 0.34 | 5.3 | 0.00 | Feb 8, 2023 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. | ||
| CVE-2024-29155 | Med | 0.28 | 4.3 | 0.00 | Oct 16, 2024 | On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair… | ||
| CVE-2024-9054 | 0.05 | — | 0.15 | Oct 4, 2024 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider… | |||
| CVE-2009-1608 | 0.04 | — | 0.11 | May 11, 2009 | Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields. | |||
| CVE-2024-43687 | 0.03 | — | 0.01 | Oct 4, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | |||
| CVE-2024-7801 | 0.03 | — | 0.01 | Oct 4, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | |||
| CVE-2009-1674 | 0.03 | — | 0.05 | May 18, 2009 | Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608. | |||
| CVE-2024-43686 | 0.01 | — | 0.11 | Oct 4, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | |||
| CVE-2024-7490 | 0.01 | — | 0.01 | Aug 8, 2024 | Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines… | |||
| CVE-2026-12620 | 0.00 | — | 0.00 | Jun 19, 2026 | The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0. | |||
| CVE-2026-12621 | 0.00 | — | 0.00 | Jun 19, 2026 | Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 (password reset form) allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0. | |||
| CVE-2026-12622 | 0.00 | — | 0.00 | Jun 19, 2026 | The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0. | |||
| CVE-2026-12619 | 0.00 | — | 0.00 | Jun 19, 2026 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting (XSS). This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0. | |||
| CVE-2026-3010 | 0.00 | — | 0.00 | Feb 28, 2026 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2. | |||
| CVE-2026-2844 | 0.00 | — | 0.00 | Feb 28, 2026 | Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2. | |||
| CVE-2025-47904 | 0.00 | — | 0.00 | Feb 24, 2026 | Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5. | |||
| CVE-2025-47902 | 0.00 | — | 0.00 | Oct 20, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5. | |||
| CVE-2025-47901 | 0.00 | — | 0.02 | Oct 20, 2025 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5. | |||
| CVE-2025-47900 | 0.00 | — | 0.02 | Oct 20, 2025 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5. | |||
| CVE-2025-37815 | 0.00 | — | 0.00 | May 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Resolve kernel panic while accessing IRQ handler associated with the generated IRQ. This is done by acquiring the spinlock and… | |||
| CVE-2024-43683 | 0.00 | — | 0.00 | Oct 4, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0. | |||
| CVE-2024-43684 | 0.00 | — | 0.00 | Oct 4, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0. | |||
| CVE-2024-43685 | 0.00 | — | 0.00 | Oct 4, 2024 | Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | |||
| CVE-2021-47231 | 0.00 | — | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: fix memory leak in mcba_usb Syzbot reported memory leak in SocketCAN driver for Microchip CAN BUS Analyzer Tool. The problem was in unfreed usb_coherent. In mcba_usb_start() 20 coherent buffers… | |||
| CVE-2022-47518 | Hig | 0.00 | 7.8 | 0.00 | Dec 18, 2022 | An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from… | ||
| CVE-2020-11684 | Cri | 0.00 | 9.1 | 0.01 | Sep 14, 2020 | AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the… |
- risk 0.74cvss 9.8epss 0.92
Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.
- risk 0.65cvss 10.0epss 0.01
In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484…
- risk 0.64cvss 9.8epss 0.00
Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0.
- risk 0.59cvss 9.1epss 0.01
In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.
- risk 0.59cvss 9.1epss 0.02
Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.
- risk 0.56cvss 8.6epss 0.01
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.
- risk 0.49cvss 7.5epss 0.01
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.
- risk 0.49cvss 7.5epss 0.01
In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes.
- risk 0.49cvss 7.5epss 0.01
In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. With this vulnerability in place, an attacker may increment the incoming frame…
- risk 0.49cvss 7.5epss 0.01
The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets.
- risk 0.49cvss 7.5epss 0.01
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks.
- risk 0.49cvss 7.5epss 0.01
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values.
- risk 0.42cvss 6.5epss 0.00
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.
- risk 0.42cvss 6.5epss 0.01
The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet.
- risk 0.41cvss 6.3epss 0.00
A voltage glitch during the startup of EEFC NVM controllers on Microchip SAM E70/S70/V70/V71, SAM G55, SAM 4C/4S/4N/4E, and SAM 3S/3N/3U microcontrollers allows access to the memory bus via the debug interface even if the security bit is set.
- risk 0.40cvss 6.2epss 0.00
A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows),…
- risk 0.38cvss 5.9epss 0.01
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server…
- risk 0.37cvss 6.8epss 0.01
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).
- risk 0.37cvss 6.8epss 0.01
Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).
- risk 0.35cvss 5.4epss 0.01
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
- risk 0.35cvss 5.4epss 0.01
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.
- risk 0.34cvss 5.3epss 0.00
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.
- risk 0.28cvss 4.3epss 0.00
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair…
- CVE-2024-9054Oct 4, 2024risk 0.05cvss —epss 0.15
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Configuration modules) allows Command Injection.This issue affects TimeProvider…
- CVE-2009-1608May 11, 2009risk 0.04cvss —epss 0.11
Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields.
- CVE-2024-43687Oct 4, 2024risk 0.03cvss —epss 0.01
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
- CVE-2024-7801Oct 4, 2024risk 0.03cvss —epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
- CVE-2009-1674May 18, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608.
- CVE-2024-43686Oct 4, 2024risk 0.01cvss —epss 0.11
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
- CVE-2024-7490Aug 8, 2024risk 0.01cvss —epss 0.01
Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines…
- CVE-2026-12620Jun 19, 2026risk 0.00cvss —epss 0.00
The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.
- CVE-2026-12621Jun 19, 2026risk 0.00cvss —epss 0.00
Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 (password reset form) allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0.
- CVE-2026-12622Jun 19, 2026risk 0.00cvss —epss 0.00
The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.
- CVE-2026-12619Jun 19, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting (XSS). This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.
- CVE-2026-3010Feb 28, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2.
- CVE-2026-2844Feb 28, 2026risk 0.00cvss —epss 0.00
Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2.
- CVE-2025-47904Feb 24, 2026risk 0.00cvss —epss 0.00
Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.
- CVE-2025-47902Oct 20, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.
- CVE-2025-47901Oct 20, 2025risk 0.00cvss —epss 0.02
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.
- CVE-2025-47900Oct 20, 2025risk 0.00cvss —epss 0.02
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100: before 2.5.
- CVE-2025-37815May 8, 2025risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Resolve kernel panic while accessing IRQ handler associated with the generated IRQ. This is done by acquiring the spinlock and…
- CVE-2024-43683Oct 4, 2024risk 0.00cvss —epss 0.00
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0.
- CVE-2024-43684Oct 4, 2024risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.
- CVE-2024-43685Oct 4, 2024risk 0.00cvss —epss 0.00
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
- CVE-2021-47231May 21, 2024risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: fix memory leak in mcba_usb Syzbot reported memory leak in SocketCAN driver for Microchip CAN BUS Analyzer Tool. The problem was in unfreed usb_coherent. In mcba_usb_start() 20 coherent buffers…
- risk 0.00cvss 7.8epss 0.00
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from…
- risk 0.00cvss 9.1epss 0.01
AT91bootstrap before 3.9.2 does not properly wipe encryption and authentication keys from memory before passing control to a less privileged software component. This can be exploited to disclose these keys and subsequently encrypt and sign the next boot stage (such as the…