CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51574 – Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-51574
20 Dec 2023 — Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updateManagerPassword method. The issue results from the exposure of a dangerous function. • https://www.zerodayinitiative.com/advisories/ZDI-23-1880 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51575 – Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51575
20 Dec 2023 — Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MonitorConsole class. The issue results from an exposed dangerous method. • https://www.zerodayinitiative.com/advisories/ZDI-23-1881 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51576 – Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51576
20 Dec 2023 — Voltronic Power ViewPower Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RMI interface, which listens on TCP port 51099 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://www.zerodayinitiative.com/advisories/ZDI-23-1882 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51577 – Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51577
20 Dec 2023 — Voltronic Power ViewPower setShutdown Exposed Dangerous Method Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the setShutdown method. The issue results from an exposed dangerous method. • https://www.zerodayinitiative.com/advisories/ZDI-23-1883 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51578 – Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-51578
20 Dec 2023 — Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MonitorConsole class. The issue results from an exposed dangerous method. • https://www.zerodayinitiative.com/advisories/ZDI-23-1884 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51579 – Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-51579
20 Dec 2023 — Voltronic Power ViewPower Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions set on folders. • https://www.zerodayinitiative.com/advisories/ZDI-23-1885 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51581 – Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51581
20 Dec 2023 — Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MacMonitorConsole class. The issue results from an exposed dangerous method. • https://www.zerodayinitiative.com/advisories/ZDI-23-1886 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51582 – Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51582
20 Dec 2023 — Voltronic Power ViewPower LinuxMonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LinuxMonitorConsole class. The issue results from an exposed dangerous method. • https://www.zerodayinitiative.com/advisories/ZDI-23-1887 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51583 – Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51583
20 Dec 2023 — Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpsScheduler class. The issue results from an exposed dangerous method. • https://www.zerodayinitiative.com/advisories/ZDI-23-1888 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51585 – Voltronic Power ViewPower USBCommEx shutdown Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51585
20 Dec 2023 — Voltronic Power ViewPower USBCommEx shutdown Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. User interaction is required to exploit this vulnerability in that an administrator must trigger a shutdown operation. The specific flaw exists within the shutdown method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a sys... • https://www.zerodayinitiative.com/advisories/ZDI-23-1890 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •