CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2023-35867
https://notcve.org/view.php?id=CVE-2023-35867
18 Dec 2023 — An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. To exploit this vulnerability an attacker has to replace an existing API server e.g. through Man-in-the-Middle attacks. Un manejo inadecuado de paquetes de respuesta API con formato incorrecto para clientes API en productos de software Bosch BT puede permitir que un atacante no autenticado provoque una situación de denegación ... • https://psirt.bosch.com/security-advisories/BOSCH-SA-092656-BT.html • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2020-6785 – Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer
https://notcve.org/view.php?id=CVE-2020-6785
25 Mar 2021 — Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1. Cargar una DLL mediante un Elemento de Ruta de... • https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.html • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.6EPSS: 1%CPEs: 19EXPL: 0CVE-2020-6768 – Path Traversal in Bosch Video Management System (BVMS)
https://notcve.org/view.php?id=CVE-2020-6768
07 Feb 2020 — A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is... • https://psirt.bosch.com/security-advisories/bosch-sa-815013-bt.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 23EXPL: 0CVE-2020-6769 – Missing Authentication for Critical Function in Bosch Video Streaming Gateway
https://notcve.org/view.php?id=CVE-2020-6769
07 Feb 2020 — Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.... • https://psirt.bosch.com/security-advisories/BOSCH-SA-260625-BT.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.7EPSS: 0%CPEs: 19EXPL: 0CVE-2020-6767 – Path Traversal in Bosch Video Management System (BVMS)
https://notcve.org/view.php?id=CVE-2020-6767
06 Feb 2020 — A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is ... • https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-sa-381489-bt_cve-2020-6767_securityadvisory_bvms_pathtraversal.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •