Nexo Cordless Nutrunner Nxv012t 36v B (0608842016)
by Rexroth
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-48246 | 0.00 | — | 0.01 | Jan 10, 2024 | The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | |||
| CVE-2023-48245 | 0.00 | — | 0.01 | Jan 10, 2024 | The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. | |||
| CVE-2023-48244 | 0.00 | — | 0.00 | Jan 10, 2024 | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. | |||
| CVE-2023-48243 | 0.00 | — | 0.01 | Jan 10, 2024 | The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root… | |||
| CVE-2023-48242 | 0.00 | — | 0.01 | Jan 10, 2024 | The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. |
- CVE-2023-48246Jan 10, 2024risk 0.00cvss —epss 0.01
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
- CVE-2023-48245Jan 10, 2024risk 0.00cvss —epss 0.01
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
- CVE-2023-48244Jan 10, 2024risk 0.00cvss —epss 0.00
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.
- CVE-2023-48243Jan 10, 2024risk 0.00cvss —epss 0.01
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root…
- CVE-2023-48242Jan 10, 2024risk 0.00cvss —epss 0.01
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
Page 2 of 2