Connect
by Fortinet
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-8494 | Hig | 0.47 | 7.2 | 0.01 | Feb 9, 2017 | Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. | ||
| CVE-2022-41769 | 0.00 | — | 0.00 | May 10, 2023 | Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||
| CVE-2022-41801 | 0.00 | — | 0.00 | May 10, 2023 | Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access. | |||
| CVE-2022-4901 | 0.00 | — | 0.00 | Mar 1, 2023 | Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. | |||
| CVE-2022-46081 | 0.00 | — | 0.01 | Jan 4, 2023 | In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled product. | |||
| CVE-2019-19592 | 0.00 | — | 0.01 | Jan 21, 2020 | Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting |
- risk 0.47cvss 7.2epss 0.01
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme.
- CVE-2022-41769May 10, 2023risk 0.00cvss —epss 0.00
Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-41801May 10, 2023risk 0.00cvss —epss 0.00
Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2022-4901Mar 1, 2023risk 0.00cvss —epss 0.00
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
- CVE-2022-46081Jan 4, 2023risk 0.00cvss —epss 0.01
In Garmin Connect 4.61, terminating a LiveTrack session wouldn't prevent the LiveTrack API from continued exposure of private personal information. NOTE: this is disputed by the vendor because the LiveTrack API service is not a customer-controlled product.
- CVE-2019-19592Jan 21, 2020risk 0.00cvss —epss 0.01
Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting