Lucene search

K

Keysight Security Vulnerabilities

cve
cve

CVE-2023-1860

A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste">alert(%27c4ng4c3ir0%27) leads to cross site scripting. The attack can be.....

6.1CVSS

6.1AI Score

0.001EPSS

2023-04-05 09:15 AM
17
cve
cve

CVE-2023-1967

Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be...

9.8CVSS

9.4AI Score

0.001EPSS

2023-04-27 10:15 PM
46
cve
cve

CVE-2023-1399

N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code...

9.8CVSS

9.8AI Score

0.002EPSS

2023-03-27 04:15 PM
17
cve
cve

CVE-2023-36853

​In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM...

7.8CVSS

7.3AI Score

0.0005EPSS

2023-07-19 10:15 PM
19
cve
cve

CVE-2023-34394

In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service...

7.8CVSS

7.6AI Score

0.002EPSS

2023-07-19 10:15 PM
21
cve
cve

CVE-2022-1661

The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system...

7.5CVSS

7.5AI Score

0.067EPSS

2022-06-02 02:15 PM
41
4
cve
cve

CVE-2022-38129

A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS...

9.8CVSS

9.4AI Score

0.007EPSS

2022-08-10 08:16 PM
43
9
cve
cve

CVE-2022-38130

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file (i.e.,...

9.8CVSS

9.4AI Score

0.004EPSS

2022-08-10 08:16 PM
30
6
cve
cve

CVE-2022-1660

The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary...

9.8CVSS

9.7AI Score

0.006EPSS

2022-06-02 02:15 PM
62
2
cve
cve

CVE-2020-35121

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the...

8.8CVSS

8.5AI Score

0.002EPSS

2020-12-15 11:15 PM
25
2
cve
cve

CVE-2020-35122

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database...

7.5CVSS

7.7AI Score

0.001EPSS

2020-12-15 11:15 PM
18
2