Vulnerabilities > Sharp > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-25 CVE-2024-45842 Path Traversal vulnerability in multiple products
Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests.
network
low complexity
toshibatec sharp CWE-22
5.3
2024-10-25 CVE-2024-47549 Improper Encoding or Escaping of Output vulnerability in multiple products
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
network
low complexity
toshibatec sharp CWE-116
6.1
2024-10-25 CVE-2024-47801 Cross-site Scripting vulnerability in multiple products
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
network
low complexity
toshibatec sharp CWE-79
6.1
2024-10-25 CVE-2024-48870 Cross-site Scripting vulnerability in multiple products
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.
network
low complexity
toshibatec sharp CWE-79
4.8
2024-02-14 CVE-2024-23784 Unspecified vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware
Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product.
low complexity
sharp
6.5
2024-02-14 CVE-2024-23785 Cross-Site Request Forgery (CSRF) vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware
Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings.
network
low complexity
sharp CWE-352
6.5
2024-02-14 CVE-2024-23787 Path Traversal vulnerability in Sharp Jh-Rv11 Firmware and Jh-Rvb1 Firmware
Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product.
low complexity
sharp CWE-22
6.5
2019-06-06 CVE-2019-12762 Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
high complexity
mi sony samsung google sharp fujitsu
4.2
2017-11-17 CVE-2017-10890 Session Fixation vulnerability in Sharp products
Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.
low complexity
sharp CWE-384
4.6
2016-04-05 CVE-2016-1176 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sharp EVA Animator
Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page.
network
low complexity
sharp CWE-119
6.3