CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Med. | Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Insufficient Verification | 23.06.2022 | Matthias Deeg |
| Med. | Verbatim Fingerprint Secure Portable Hard Drive Insufficient Verification | 22.06.2022 | Matthias Deeg |
| Low | Verbatim Fingerprint Secure Portable Hard Drive Insufficient Verification | 20.06.2022 | Matthias Deeg |
| Low | HP Wireless Mouse Spoofing Issue | 17.05.2017 | SySS GmbH |
| Med. | Microsoft Wireless Desktop 2000 Insufficent Verification / Mouse Spoofing | 30.07.2016 | SySS |
| Med. | Samsung SW Update Tool 2.2.5.16 Man-In-The-Middle | 11.03.2016 | CORE |


CVEMAP Search Results

| Date | Severity | CVE | Details | Description |
|---|---|---|---|---|
| 2022-06-21 | High | CVE-2022-31800 | | An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. |
| 2022-06-21 | High | CVE-2022-31801 | Vendor: Phoenixcontact; Software: Multiprog | An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device. |
| 2022-06-09 | Medium | CVE-2022-31813 | Vendor: Apache; Software: Http server | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. |
| 2022-04-20 | Waiting for details | CVE-2022-26516 | | Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment. |
| 2022-04-19 | Medium | CVE-2021-26625 | | Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation logic to download and execute arbitrary malicious file. |
| 2022-03-10 | Medium | CVE-2020-14111 | | A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. |
| 2022-03-10 | High | CVE-2020-14115 | | A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code. |
| 2022-03-07 | Low | CVE-2021-24825 | Vendor: Custom content shortcode project; Software: Custom conte... | The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won't be when either the unfiltered_html or file_edit is disallowed) |
| 2022-02-09 | Low | CVE-2022-22567 | | Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware. |
| 2022-01-10 | Low | CVE-2020-10137 | Vendor: Silabs; Software: Uzb-7 | Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or encrypt FIND_NODE_IN_RANGE frames, allowing a remote, unauthenticated attacker to inject a FIND_NODE_IN_RANGE frame with an invalid random payload, denying service by blocking the processing of upcoming events. |

 

 


Copyright 2022, cxsecurity.com

 
