
CVSS: 10.0 • EPSS: 1% • CPEs: 21 • EXPL: 0

10 Jan 2024 — The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 1% • CPEs: 21 • EXPL: 0

10 Jan 2024 — The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-121: Stack-based Buffer Overflow; CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 21 • EXPL: 0

10 Jan 2024 — The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 21 • EXPL: 0

10 Jan 2024 — The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 21 • EXPL: 0

10 Jan 2024 — The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.4 • EPSS: 0% • CPEs: 21 • EXPL: 0

10 Jan 2024 — The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.0 • EPSS: 0% • CPEs: 21 • EXPL: 0

10 Jan 2024 — The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-287: Improper Authentication; CWE-1391: Use of Weak Credentials

CVSS: 7.5 • EPSS: 0% • CPEs: 21 • EXPL: 0

10 Jan 2024 — The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'); CWE-436: Interpretation Conflict

CVSS: 6.4 • EPSS: 0% • CPEs: 21 • EXPL: 0

10 Jan 2024 — The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log. • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 21 • EXPL: 0

10 Jan 2024 — The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. • https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')