Every CVE whose affected-product data names Bosch Nexo-os, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2023-48253 — CVSS 8.8 (high): The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted…
CVE-2023-48252 — CVSS 8.8 (high): The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests.
CVE-2023-48263 — CVSS 8.1 (high): The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code…
CVE-2023-48262 — CVSS 8.1 (high): The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code…
CVE-2023-48266 — CVSS 8.1 (high): The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code…
CVE-2023-48265 — CVSS 8.1 (high): The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code…
CVE-2023-48264 — CVSS 8.1 (high): The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code…
CVE-2023-48243 — CVSS 8.1 (high): The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS…
CVE-2023-48250 — CVSS 8.1 (high): The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded…
CVE-2023-48251 — CVSS 8.1 (high): The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.
CVE-2023-48257 — CVSS 7.8 (high): The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE)…
CVE-2023-48242 — CVSS 6.5 (medium): The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the…
CVE-2023-48245 — CVSS 6.5 (medium): The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user…
CVE-2023-48246 — CVSS 6.5 (medium): The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS…
CVE-2023-48249 — CVSS 6.5 (medium): The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the…
CVE-2023-48255 — CVSS 6.3 (medium): The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code…
CVE-2023-48248 — CVSS 5.5 (medium): The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script…
CVE-2023-48258 — CVSS 5.5 (medium): The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a…
CVE-2023-48261 — CVSS 5.3 (medium): The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
CVE-2023-48254 — CVSS 5.3 (medium): The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a…
CVE-2023-48247 — CVSS 5.3 (medium): The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user…
CVE-2023-48256 — CVSS 5.3 (medium): The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s…
CVE-2023-48244 — CVSS 5.3 (medium): The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a…
CVE-2023-48259 — CVSS 5.3 (medium): The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.
CVE-2023-48260 — CVSS 5.3 (medium): The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request.