Search Results (120768 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-25962 1 Dell 1 Insightiq 2025-01-28 8.3 High
Dell InsightIQ, version 5.0, contains an improper access control vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to monitoring data.
CVE-2023-26595 1 Cybozu 1 Garoon 2025-01-28 5.5 Medium
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
CVE-2023-32111 1 Sap 1 Powerdesigner Proxy 2025-01-28 7.5 High
In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application.
CVE-2023-27407 1 Siemens 2 Scalance Lpe9403, Scalance Lpe9403 Firmware 2025-01-28 9.9 Critical
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user.
CVE-2023-28832 1 Siemens 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more 2025-01-28 7.2 High
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
CVE-2023-29104 1 Siemens 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more 2025-01-28 6 Medium
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has write access to, or to download any file the Linux user `ccuser` has read-only access to.
CVE-2023-29106 1 Siemens 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more 2025-01-28 5.3 Medium
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint.
CVE-2023-29107 1 Siemens 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more 2025-01-28 5.3 Medium
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources.
CVE-2023-29128 1 Siemens 4 6gk1411-1ac00, 6gk1411-1ac00 Firmware, 6gk1411-5ac00 and 1 more 2025-01-28 3.8 Low
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension `.db`.
CVE-2023-30898 1 Siemens 1 Siveillance Video 2025-01-28 9.9 Critical
A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.
CVE-2023-30899 1 Siemens 1 Siveillance Video 2025-01-28 9.9 Critical
A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system.
CVE-2023-23906 1 Seiko-sol 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more 2025-01-28 7.5 High
Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product.
CVE-2023-23578 1 Seiko-sol 2 Skybridge Mb-a200, Skybridge Mb-a200 Firmware 2025-01-28 7.5 High
Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port.
CVE-2021-45345 1 Webcamserver Project 1 Webcamserver 2025-01-28 7.5 High
Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file.
CVE-2023-50316 1 Ibm 1 Sterling B2b Integrator 2025-01-28 6.3 Medium
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2023-27510 1 Jubei 1 Jb Inquiry Form 2025-01-28 5.3 Medium
JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry form versions 0.6.1 and 0.6.0, JB Inquiry form versions 0.5.2, 0.5.1 and 0.5.0, and JB Inquiry form version 0.40.
CVE-2023-25184 1 Seiko-sol 6 Skybridge Basic Mb-a130, Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a200 and 3 more 2025-01-28 5.3 Medium
Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier.
CVE-2023-25072 1 Seiko-sol 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more 2025-01-28 6.5 Medium
Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product.
CVE-2023-25070 1 Seiko-sol 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more 2025-01-28 4.8 Medium
Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product.
CVE-2023-24586 1 Seiko-sol 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more 2025-01-28 3.1 Low
Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product.