A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-07-21
Updated
2023-07-31
A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-07-21
Updated
2023-07-31
A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-07-21
Updated
2023-07-31
Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.
Max CVSS
9.6
EPSS Score
0.05%
Published
2023-03-31
Updated
2023-04-06
Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands.
Max CVSS
8.8
EPSS Score
0.11%
Published
2023-03-31
Updated
2023-04-06
Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-12-19
Updated
2024-01-02
Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-12-19
Updated
2024-01-02
Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.
Max CVSS
8.6
EPSS Score
0.06%
Published
2023-09-06
Updated
2023-09-08
Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.
Max CVSS
8.6
EPSS Score
0.06%
Published
2023-09-06
Updated
2023-09-08
Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are vulnerable to CSRFs that can be exploited to allow an attacker to perform changes with administrator level privileges.
Max CVSS
8.8
EPSS Score
0.06%
Published
2023-01-17
Updated
2023-01-24
Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software.
Max CVSS
5.5
EPSS Score
0.06%
Published
2021-07-09
Updated
2021-07-13
Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.
Max CVSS
10.0
EPSS Score
1.02%
Published
2021-02-05
Updated
2022-07-12
Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI.
Max CVSS
7.5
EPSS Score
0.13%
Published
2020-12-28
Updated
2020-12-30
Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is just the asdf keyboard row in reverse order).
Max CVSS
6.8
EPSS Score
0.08%
Published
2020-12-28
Updated
2020-12-30
FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.
Max CVSS
7.8
EPSS Score
0.10%
Published
2021-01-26
Updated
2021-01-29
Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support."
Max CVSS
9.8
EPSS Score
0.22%
Published
2020-05-20
Updated
2023-03-03
Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support."
Max CVSS
9.8
EPSS Score
0.26%
Published
2020-05-19
Updated
2020-05-20
The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-11-14
Updated
2020-05-19
The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-11-14
Updated
2020-08-24
The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization.
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-11-14
Updated
2020-08-24
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user triggering incompatible type errors because the resource does not have expected properties. This may lead to remote code execution.
Max CVSS
7.8
EPSS Score
0.26%
Published
2019-06-07
Updated
2020-10-06
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.
Max CVSS
7.8
EPSS Score
0.89%
Published
2019-06-07
Updated
2020-10-16
Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors.
Max CVSS
9.8
EPSS Score
0.35%
Published
2020-05-20
Updated
2023-07-13
SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-09-12
Updated
2019-09-13
An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
Max CVSS
7.8
EPSS Score
0.08%
Published
2019-01-09
Updated
2019-02-26
42 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!