Lucene search
K

89 matches found

NVD
NVD
added 2023/09/02 1:15 p.m.27 views

CVE-2023-39980

A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...

8.1CVSS7.3AI score0.00516EPSS
Exploits0References1
NVD
NVD
added 2023/09/02 1:15 p.m.30 views

CVE-2023-39983

A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application...

5.3CVSS5.4AI score0.0048EPSS
Exploits0References1
NVD
NVD
added 2023/09/02 1:15 p.m.10 views

CVE-2023-39979

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...

9.8CVSS9.4AI score0.0074EPSS
Exploits0References1
OSV
OSV
added 2023/09/02 1:15 p.m.3 views

CVE-2023-39979

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...

9.8CVSS5.8AI score0.0074EPSS
Exploits0References1
Prion
Prion
added 2023/09/02 1:15 p.m.10 views

Authentication flaw

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...

7.5CVSS9.3AI score0.0074EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/09/02 1:15 p.m.14 views

Sql injection

A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...

5.5CVSS7.8AI score0.00516EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/02 12:37 p.m.11 views

CVE-2023-39983 MXsecurity Register Database Pollution

A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application...

5.3CVSS7.3AI score0.0048EPSS
Exploits0References1
CVE
CVE
added 2023/09/02 12:37 p.m.79 views

CVE-2023-39983

Affected software: MXsecurity (nsm-web UI) prior to v1.0.1. What is vulnerable: A vulnerability allowing an unauthenticated remote attacker to register or add devices via the nsm-web application, potentially polluting the MXsecurity sqlite database. Root cause / details: Documented across multipl...

5.3CVSS5.4AI score0.0048EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/02 12:37 p.m.36 views

CVE-2023-39983 MXsecurity Register Database Pollution

A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote attacker to register or add devices via the nsm-web application...

5.3CVSS5.7AI score0.0048EPSS
Exploits0References1
CVE
CVE
added 2023/09/02 12:31 p.m.56 views

CVE-2023-39982

MXsecurity versions prior to v1.0.1 contain a hard-coded SSH host key that may allow man-in-the-middle attacks and decryption of SSH traffic, compromising confidentiality and integrity. The issue affects the MXsecurity platform’s SSH communications on affected devices. Remediation acknowledged in...

7.5CVSS6.1AI score0.00369EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/02 12:31 p.m.16 views

CVE-2023-39982 MXsecurity Hardcoded Credential

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...

7.5CVSS7.5AI score0.00369EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/02 12:31 p.m.9 views

CVE-2023-39982 MXsecurity Hardcoded Credential

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...

7.5CVSS6.3AI score0.00369EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/02 12:25 p.m.27 views

CVE-2023-39981 MXsecurity Device Information Disclosure

A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker...

7.5CVSS7.7AI score0.00618EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/02 12:25 p.m.11 views

CVE-2023-39981 MXsecurity Device Information Disclosure

A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote attacker...

7.5CVSS7.5AI score0.00618EPSS
Exploits0References1
CVE
CVE
added 2023/09/02 12:25 p.m.52 views

CVE-2023-39981

MXsecurity is vulnerable in versions prior to 1.0.1 due to inadequate authentication, enabling a remote attacker to disclose device information. The CVE-2023-39981 description specifies unauthorized access as the risk, with the base CVSS v3.1 metrics indicating high impact on confidentiality and ...

7.5CVSS7.5AI score0.00618EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/02 12:14 p.m.8 views

CVE-2023-39980 MXsecurity Authenticated Information Disclosure Due to SQL Injection

A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...

7.1CVSS7AI score0.00516EPSS
Exploits0References1
CVE
CVE
added 2023/09/02 12:14 p.m.47 views

CVE-2023-39980

CVE-2023-39980 affects MXsecurity prior to v1.0.1. The issue is SQL injection caused by improper neutralization of certain elements, enabling a remote attacker to alter SQL commands and disclose authenticated information. A fix is available: upgrade MXsecurity to v1.0.1 or later. Evidence from mu...

8.1CVSS7.3AI score0.00516EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/02 12:14 p.m.28 views

CVE-2023-39980 MXsecurity Authenticated Information Disclosure Due to SQL Injection

A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...

7.1CVSS8.2AI score0.00516EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/02 12:5 p.m.16 views

CVE-2023-39979 MXsecurity Authentication Bypass

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...

9.8CVSS9.6AI score0.0074EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/02 12:5 p.m.13 views

CVE-2023-39979 MXsecurity Authentication Bypass

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...

9.8CVSS7.1AI score0.0074EPSS
Exploits0References1
Rows per page
Query Builder