Vulnerabilities > Bosch > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2021-23854 Cross-site Scripting vulnerability in Bosch products
An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface.
network
bosch CWE-79
4.3
2021-03-25 CVE-2020-6790 Uncontrolled Search Path Element vulnerability in Bosch Video Streaming Gateway
Calling an executable through an Uncontrolled Search Path Element in the Bosch Video Streaming Gateway installer up to and including version 6.45.10 potentially allows an attacker to execute arbitrary code on a victim's system.
local
bosch CWE-427
6.9
2021-03-25 CVE-2020-6789 Uncontrolled Search Path Element vulnerability in Bosch Monitor Wall 10.00.0164
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Monitor Wall installer up to and including version 10.00.0164 potentially allows an attacker to execute arbitrary code on a victim's system.
local
bosch CWE-427
6.9
2021-03-25 CVE-2020-6788 Uncontrolled Search Path Element vulnerability in Bosch Configuration Manager
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Configuration Manager installer up to and including version 7.21.0078 potentially allows an attacker to execute arbitrary code on a victim's system.
local
bosch CWE-427
6.9
2021-03-25 CVE-2020-6787 Uncontrolled Search Path Element vulnerability in Bosch Video Client 1.7.6.079
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Client installer up to and including version 1.7.6.079 potentially allows an attacker to execute arbitrary code on a victim's system.
local
bosch CWE-427
6.9
2021-03-25 CVE-2020-6786 Uncontrolled Search Path Element vulnerability in Bosch Video Recording Manager
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim's system.
local
bosch CWE-427
6.9
2021-03-25 CVE-2020-6785 Uncontrolled Search Path Element vulnerability in Bosch products
Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system.
local
bosch CWE-427
6.9
2021-03-25 CVE-2020-6771 Uncontrolled Search Path Element vulnerability in Bosch IP Helper 1.00.0008
Loading a DLL through an Uncontrolled Search Path Element in Bosch IP Helper up to and including version 1.00.0008 potentially allows an attacker to execute arbitrary code on a victim's system.
local
bosch CWE-427
6.9
2021-01-26 CVE-2020-6780 Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch Fsm-2500 Firmware and Fsm-5000 Firmware
Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.
network
low complexity
bosch CWE-916
4.0
2021-01-14 CVE-2020-6776 Cross-Site Request Forgery (CSRF) vulnerability in Bosch Praesensa Firmware and Praesideo Firmware
A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery).
network
bosch CWE-352
6.8