Vulnerabilities > Hidglobal
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-07 | CVE-2024-23806 | Unspecified vulnerability in Hidglobal products. Sensitive data can be extracted from HID iCLASS SE reader configuration cards. | 5.3 |
2024-02-06 | CVE-2024-22388 | Unspecified vulnerability in Hidglobal products. Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. | 7.8 |
2023-06-07 | CVE-2023-2904 | Unspecified vulnerability in Hidglobal Safe 5.11.3/5.8.0. The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 is vulnerable to manipulation within web fields in the application programming interface (API). | 7.3 |
2022-06-06 | CVE-2022-31479 | OS Command Injection vulnerability in multiple products. An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. | 9.8 |
2022-06-06 | CVE-2022-31480 | Forced Browsing vulnerability in multiple products. An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). | 7.5 |
2022-06-06 | CVE-2022-31481 | Classic Buffer Overflow vulnerability in multiple products. An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. | 10.0 |
2022-06-06 | CVE-2022-31482 | Classic Buffer Overflow vulnerability in multiple products. An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. | 7.5 |
2022-06-06 | CVE-2022-31483 | Path Traversal vulnerability in multiple products. An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. | 8.8 |
2022-06-06 | CVE-2022-31484 | Forced Browsing vulnerability in multiple products. An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. | 7.5 |
2022-06-06 | CVE-2022-31485 | Forced Browsing vulnerability in multiple products. An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. | 5.3 |