Aviv Vinograzki

#5214of 53,638
50.9Total CVSS
Vulnerabilities · 6
Medium
1
High
3
Critical
2
PT-2024-29876
9.8
2024-08-20
Servision · Servision · CVE-2024-42336
**Name of the Vulnerable Software and Affected Versions** Servision (affected versions not specified) **Description** The issue concerns improper authentication, which is a type of security flaw where authentication mechanisms are not properly implemented, potentially allowing unauthorized access. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-23667
9.8
2023-06-12
Milesight · Milesight Ncr/Camera · CVE-2023-32220
**Name of the Vulnerable Software and Affected Versions** Milesight NCR/camera version 71.8.0.6-r5 **Description** The issue allows authentication bypass through an unspecified method. **Recommendations** For Milesight NCR/camera version 71.8.0.6-r5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-18726
8.8
2023-01-14
Tiki · Tiki · CVE-2023-22850
**Name of the Vulnerable Software and Affected Versions** Tiki versions prior to 24.1 **Description** The issue allows PHP Object Injection in lib/sheet/grid.php due to an unserialize call when the Spreadsheets feature is enabled. **Recommendations** For versions prior to 24.1, update to version 24.1 or later to resolve the issue. As a temporary workaround, consider disabling the Spreadsheets feature until a patch is available.
PT-2023-18727
7.2
2023-01-14
Tiki · Tiki · CVE-2023-22851
**Name of the Vulnerable Software and Affected Versions** Tiki versions prior to 24.2 **Description** The issue allows PHP Object Injection in lib/importer/tikiimporter blog wordpress.php by an admin due to an unserialize call. **Recommendations** For versions prior to 24.2, update to version 24.2 or later to resolve the issue.
PT-2023-18728
6.5
2023-01-14
Tiki · Tiki · CVE-2023-22852
**Name of the Vulnerable Software and Affected Versions** Tiki versions prior to 25.0 **Description** The issue allows for CSRF attacks related to `tiki-importer.php` and `tiki-import sheet.php`. **Recommendations** For versions prior to 25.0, update to version 25.0 or later to resolve the issue.
PT-2023-18729
8.8
2023-01-14
Tiki · Tiki · CVE-2023-22853
**Name of the Vulnerable Software and Affected Versions** Tiki versions prior to 24.1 **Description** The issue allows PHP Object Injection in lib/structures/structlib.php due to an eval when the feature create webhelp is enabled. **Recommendations** For versions prior to 24.1, update to version 24.1 or later to resolve the issue. As a temporary workaround, consider disabling the feature create webhelp to minimize the risk of exploitation.