Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-47526 | 1 Fox-it | 2 Fox Datadiode, Fox Datadiode Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction. | |||||
CVE-2022-47525 | 1 Fox-it | 2 Fox Datadiode, Fox Datadiode Firmware | 2024-11-21 | N/A | 7.5 HIGH |
Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Zero vulnerability in the packet parser. A remote attacker could leverage this vulnerability to cause a denial-of-service. Exploitation of this issue does not require user interaction. | |||||
CVE-2014-2358 | 1 Fox-it | 1 Fox Datadiode | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) create administrative users, (2) remove administrative users, or (3) change permissions. |