Vulnerabilities > Keysight

DATE CVE VULNERABILITY TITLE RISK
2023-07-19 CVE-2023-34394 Unrestricted Upload of File with Dangerous Type vulnerability in Keysight Geolocation Server 2.4.2
In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to improper path validation, which could result in local privilege escalation or a denial-of-service condition.
local
low complexity
keysight CWE-434
7.8
2023-07-19 CVE-2023-36853 Uncontrolled Search Path Element vulnerability in Keysight Geolocation Server 2.4.2
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location.
local
low complexity
keysight CWE-427
7.8
2023-04-27 CVE-2023-1967 Deserialization of Untrusted Data vulnerability in Keysight N8844A 2.1.7351
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.
network
low complexity
keysight CWE-502
critical
9.8
2023-04-05 CVE-2023-1860 Cross-site Scripting vulnerability in Keysight Hawkeye 3.3.16.28
A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28.
network
low complexity
keysight CWE-79
6.1
2023-03-27 CVE-2023-1399 Deserialization of Untrusted Data vulnerability in Keysight N6854A Firmware 2.3.0/2.4.0/2.4.2
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution.
network
low complexity
keysight CWE-502
critical
9.8
2022-08-10 CVE-2022-38129 Path Traversal vulnerability in Keysight Sensor Management Server 2.4.0
A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS).
network
low complexity
keysight CWE-22
critical
9.8
2022-08-10 CVE-2022-38130 SQL Injection vulnerability in Keysight Sensor Management Server 2.4.0
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS.
network
low complexity
keysight CWE-89
critical
9.8
2022-06-02 CVE-2022-1660 Deserialization of Untrusted Data vulnerability in Keysight N6841A RF Firmware and N6854A Firmware
The affected products are vulnerable to deserialization of untrusted data without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code.
network
low complexity
keysight CWE-502
critical
9.8
2022-06-02 CVE-2022-1661 Path Traversal vulnerability in Keysight N6841A RF Firmware and N6854A Firmware
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files.
network
low complexity
keysight CWE-22
7.5
2020-12-15 CVE-2020-35122 SQL Injection vulnerability in Keysight Database Connector
An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence.
network
low complexity
keysight CWE-89
7.5