Vulmon
steffen robertz vulnerabilities and exploits
6.5
CVSSv3
CVE-2022-44014
An issue exists in Simmeth Lieferantenmanager prior to 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab.
Simmeth Lieferantenmanager
7.5
CVSSv3
CVE-2022-44016
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\\"' value.
Simmeth Lieferantenmanager
7.5
CVSSv3
CVE-2022-44017
An issue exists in Simmeth Lieferantenmanager prior to 5.6. Due to errors in session management, an attacker can log back into a victim's account after the victim logged out - /LMS/LM/#main can be used for this. This is due to the credentials not being cleaned from the local...
Simmeth Lieferantenmanager
6.5
CVSSv3
CVE-2022-45914
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows malicious users to change label values via 433 MHz RF signals, as demonstrated by disrupting t...
Electronic Shelf Label Protocol Project Electronic Shelf Label Protocol -
5.5
CVSSv3
CVE-2022-39837
An issue exists in Connected Vehicle Systems Alliance (COVESA) dlt-daemon up to and including 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,
Genivi Diagnostic Log And Trace
5.5
CVSSv3
CVE-2022-39836
An issue exists in Connected Vehicle Systems Alliance (COVESA) dlt-daemon up to and including 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of o...
Genivi Diagnostic Log And Trace
7.5
CVSSv3
CVE-2022-31212
An issue exists in dbus-broker prior to 31. It depends on c-util/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.
Dbus-broker Project Dbus-broker
7.5
CVSSv3
CVE-2022-31213
An issue exists in dbus-broker prior to 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.
Dbus-broker Project Dbus-broker
8.8
CVSSv3
CVE-2022-30981
An issue exists in Gentics CMS prior to 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution.
Gentics Gentics Cms
5.4
CVSSv3
CVE-2022-30982
An issue exists in Gentics CMS prior to 5.43.1. There is stored XSS in the profile description and in the username.
Gentics Gentics Cms