
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. • https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45892.md • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement. • https://kb.netgear.com/000038799/Security-Fix-for-Password-Management-in-NETGEAR-Insight-App-PSV-2017-1978 • CWE-521: Weak Password Requirements

CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. • https://kb.netgear.com/000060977/Security-Advisory-for-Post-Authentication-Command-Injection-on-Insight-Cloud-PSV-2018-0366 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF. • https://github.com/creditease-sec/insight/issues/42 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF. • https://github.com/creditease-sec/insight/issues/42 • CWE-352: Cross-Site Request Forgery (CSRF)