Vulnerabilities > Bosch > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-35867 | Unspecified vulnerability in Bosch products An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. | 5.9 |
| 2023-06-15 | CVE-2023-32229 | Resource Exhaustion vulnerability in Bosch Cpp13 Firmware and Cpp14 Firmware Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256. | 6.5 |
| 2022-10-27 | CVE-2022-40183 | Cross-site Scripting vulnerability in Bosch Videojet Multi 4000 Firmware An error in the URL handler of the VIDEOJET multi 4000 may lead to a reflected cross site scripting (XSS) in the web-based interface. | 4.7 |
| 2022-10-27 | CVE-2022-40184 | Cross-site Scripting vulnerability in Bosch Videojet Multi 4000 Firmware Incomplete filtering of JavaScript code in different configuration fields of the web based interface of the VIDEOJET multi 4000 allows an attacker with administrative credentials to store JavaScript code which will be executed for all administrators accessing the same configuration option. | 4.8 |
| 2022-09-30 | CVE-2022-32540 | Information Exposure vulnerability in Bosch products Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidential video stream. | 5.9 |
| 2022-08-01 | CVE-2022-36302 | Injection vulnerability in Bosch Bf-Os File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. | 5.4 |
| 2022-01-28 | CVE-2021-23863 | Cross-site Scripting vulnerability in Bosch Video Security 3.2.3 HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. | 6.1 |
| 2021-12-08 | CVE-2021-23860 | Cross-site Scripting vulnerability in Bosch products An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. | 6.1 |
| 2021-12-08 | CVE-2021-23861 | Unspecified vulnerability in Bosch products By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. | 6.5 |
| 2021-10-04 | CVE-2021-23856 | Cross-site Scripting vulnerability in Bosch products The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | 6.1 |