Aggregates CVE and security vulnerability intelligence across all microchip-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk input validation and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-9031 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. | [email protected] | 6.5 | 1.06% | 2020-02-16 | 2026-06-16 |
| CVE-2020-9030 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php. | [email protected] | 6.5 | 1.06% | 2020-02-16 | 2026-06-16 |
| CVE-2020-9029 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. | [email protected] | 6.5 | 1.22% | 2020-02-16 | 2026-06-16 |
| CVE-2020-9028 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user). | [email protected] | 6.1 | 0.67% | 2020-02-16 | 2026-06-16 |
| CVE-2020-9034 | Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. | [email protected] | 7.5 | 0.91% | 2020-02-16 | 2026-06-16 |
| CVE-2019-19195 | The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | [email protected] | 6.5 | 0.70% | 2020-02-10 | 2026-06-16 |
| CVE-2019-15809 | Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, wh | [email protected] | 4.7 | 0.47% | 2019-10-03 | 2026-06-16 |
| CVE-2009-1674 | Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a [TOOL_SETTINGS] section in a .mcp file, possibly a related issue to CVE-2009-1608. | [email protected] | 9.3 | 4.90% | 2009-05-18 | 2026-06-16 |
| CVE-2009-1608 | Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly earlier versions allow user-assisted remote attackers to execute arbitrary code via a .MCP project file with long (1) FILE_INFO, (2) CAT_FILTERS, and possibly other fields. | [email protected] | 9.3 | 11.19% | 2009-05-11 | 2026-06-16 |