Vulnerabilities (CVE)

Filtered by CWE-841
Total 25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2023-1383 | Vendors (2): Amazon, Bestbuy | Products (3): Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 5.4 MEDIUM
An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3.
CVE-2022-2105 | Vendors (1): Secheron | Products (2): Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | Updated: 2024-11-21 | CVSS v2: 6.4 MEDIUM | CVSS v3: 9.4 CRITICAL
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.
CVE-2022-2102 | Vendors (1): Secheron | Products (2): Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | Updated: 2024-11-21 | CVSS v2: 5.0 MEDIUM | CVSS v3: 9.4 CRITICAL
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.
CVE-2022-1667 | Vendors (1): Secheron | Products (2): Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | Updated: 2024-11-21 | CVSS v2: 7.8 HIGH | CVSS v3: 7.5 HIGH
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser-accessible PHP script.
CVE-2024-46307 | Vendors (1): Sparkshop | Products (1): Sparkshop | Updated: 2024-10-15 | CVSS v2: N/A | CVSS v3: 7.5 HIGH
A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.