Latest CVE Feed
-
4.8
MEDIUMCVE-2021-23881
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser... Read more
Affected Products : endpoint_security- Published: Feb. 10, 2021
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2021-23880
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific com... Read more
Affected Products : endpoint_security- Published: Feb. 10, 2021
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-23879
Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and prot... Read more
Affected Products : endpoint_product_removal_tool- Published: Mar. 15, 2021
- Modified: Nov. 21, 2024
-
7.3
HIGHCVE-2021-23878
Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS admi... Read more
Affected Products : endpoint_security- Published: Feb. 10, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-23877
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of ... Read more
Affected Products : total_protection- Published: Oct. 26, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-23876
Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constru... Read more
Affected Products : total_protection- Published: Feb. 10, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-23873
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially causing Denial of Service via manipulating Junction lin... Read more
Affected Products : total_protection- Published: Feb. 10, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-23872
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOCTL interface.... Read more
Affected Products : total_protection- Published: May. 12, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-23863
HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to displ... Read more
Affected Products : video_security- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2021-23862
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 an... Read more
Affected Products : bosch_video_management_system video_recording_manager divar_ip_5000_firmware divar_ip_7000_firmware videojet_decoder_7513_firmware videojet_decoder_8000_firmware divar_ip_7000_r2_firmware divar_ip_all-in-one_5000_firmware divar_ip_all-in-one_7000_firmware videojet_decoder_7513 +1 more products- Published: Dec. 08, 2021
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-23861
By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP a... Read more
- Published: Dec. 08, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-23860
An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the ... Read more
- Published: Dec. 08, 2021
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-23859
An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On... Read more
Affected Products : access_professional_edition bosch_video_management_system building_integration_system video_recording_manager access_easy_controller_firmware divar_ip_5000_firmware divar_ip_7000_firmware video_recording_manager_exporter divar_ip_7000_r2_firmware divar_ip_all-in-one_5000_firmware +2 more products- Published: Dec. 08, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-23858
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial numb... Read more
Affected Products : rexroth_indramotion_mlc_l20_firmware rexroth_indramotion_mlc_l40_firmware rexroth_indramotion_mlc_l25_firmware rexroth_indramotion_mlc_l45_firmware rexroth_indramotion_mlc_l65_firmware rexroth_indramotion_mlc_l75_firmware rexroth_indramotion_mlc_l85_firmware rexroth_indramotion_mlc_xm22_firmware rexroth_indramotion_mlc_xm21_firmware rexroth_indramotion_mlc_xm41_firmware +14 more products- Published: Oct. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-23857
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.... Read more
Affected Products : rexroth_indramotion_xlc_firmware rexroth_indramotion_mlc_l20_firmware rexroth_indramotion_mlc_l40_firmware rexroth_indramotion_mlc_l25_firmware rexroth_indramotion_mlc_l45_firmware rexroth_indramotion_mlc_l65_firmware rexroth_indramotion_mlc_l75_firmware rexroth_indramotion_mlc_l85_firmware rexroth_indramotion_mlc_xm22_firmware rexroth_indramotion_mlc_xm21_firmware +14 more products- Published: Oct. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-23856
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL.... Read more
- Published: Oct. 04, 2021
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-23855
The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.... Read more
- Published: Oct. 04, 2021
- Modified: Nov. 21, 2024
-
8.3
HIGHCVE-2021-23854
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected.... Read more
Affected Products : cpp6_firmware cpp7_firmware cpp7.3_firmware cpp13_firmware cpp6 cpp7 cpp7.3 cpp13- Published: Jun. 09, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-23853
In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs.... Read more
Affected Products : cpp6_firmware cpp7_firmware cpp7.3_firmware cpp4_firmware cpp13_firmware cpp6 cpp7 cpp7.3 cpp4 cpp13- Published: Jun. 09, 2021
- Modified: Nov. 21, 2024
-
4.9
MEDIUMCVE-2021-23852
An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).... Read more
Affected Products : cpp6_firmware cpp7_firmware cpp7.3_firmware cpp4_firmware cpp13_firmware cpp6 cpp7 cpp7.3 cpp4 cpp13- Published: Jun. 09, 2021
- Modified: Nov. 21, 2024