CVE-2023-3000
published 2023-06-02CVE-2023-3000: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution…
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.79%
51.7th percentile
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.
This issue affects ErMon: before 230602.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| erikoglu_technology | ermon | < 230602 | 230602 |
| erikogluteknoloji | energy_monitoring | < 230602 | 230602 |
| chrome_chrome | — | — | |
| msrc | windows_defender_antimalware_platform | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
vendor_cisco7.4HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p4p8-q8qp-5cxj: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Ex
ghsa_unreviewed·2023-06-02
CVE-2023-3000 [CRITICAL] CWE-89 GHSA-p4p8-q8qp-5cxj: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Ex
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602.
Chrome
Stable Channel Update for Desktop: CVE-2024-2626
vendor_chrome·2024-03-19·CVSS 6.5
CVE-2024-2626 [MEDIUM] Stable Channel Update for Desktop: CVE-2024-2626
Stable Channel Update for Desktop
CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-22 [$4000][ 41493290 ] Medium CVE-2024-2627: Use after free in Canvas
Reported by Anonymous on 2024-01-21 [$3000][ 41487774 ] Medium CVE-2024-2628: Inappropriate implementation in Downloads
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2024-1669
vendor_chrome·2024-02-20·CVSS 8.8
CVE-2024-1669 [HIGH] Stable Channel Update for Desktop: CVE-2024-1669
Stable Channel Update for Desktop
CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26 [$5000][ 41481374 ] High CVE-2024-1670: Use after free in Mojo
Reported by Cassidy Kim(@cassidy6564) on 2023-12-06 [$3000][ 40069622 ] Medium CVE-2024-5500: Inappropriate Implementation in Sign-In
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2023-5856
vendor_chrome·2023-10-31·CVSS 8.8
CVE-2023-5856 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-5856
Stable Channel Update for Desktop
CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17 [N/A][ 1493435 ] Medium CVE-2023-5857: Inappropriate implementation in Downloads
Reported by Will Dormann on 2023-10-18 [$3000][ 1457704 ] Low CVE-2023-5858: Inappropriate implementation in WebApp Provider
Severity: medium
Cisco
Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service Vulnerability
vendor_cisco·2023-08-23·CVSS 7.4
CVE-2023-20169 [HIGH] CWE-788 Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service Vulnerability
Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service Vulnerability
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload.
This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which c
Cisco
Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability
vendor_cisco·2023-08-23·CVSS 5.4
CVE-2023-20115 [MEDIUM] CWE-671 Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability
Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability
A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device.
This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user.
Cisco has released software updates
Chrome
Stable Channel Update for Desktop: CVE-2023-4430
vendor_chrome·2023-08-22·CVSS 8.1
CVE-2023-4430 [HIGH] Stable Channel Update for Desktop: CVE-2023-4430
Stable Channel Update for Desktop
CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02 [$3000][ 1469754 ] High CVE-2023-4429: Use after free in Loader
Reported by Anonymous on 2023-08-03 [$2000][ 1470477 ] High CVE-2023-4428: Out of bounds memory access in CSS
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2023-3214
vendor_chrome·2023-06-13·CVSS 8.8
CVE-2023-3214 [CRITICAL] Stable Channel Update for Desktop: CVE-2023-3214
Stable Channel Update for Desktop
CVE-2023-3214: Use after free in Autofill payments. Reported by Rong Jian of VRI on 2023-06-01 [$3000][ 1446274 ] High CVE-2023-3215: Use after free in WebRTC
Reported by asnine on 2023-05-17 [$TBD][ 1450114 ] High CVE-2023-3216: Type Confusion in V8
Severity: critical
Chrome
Stable Channel Update for Desktop: CVE-2023-2937
vendor_chrome·2023-05-30·CVSS 4.3
CVE-2023-2937 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-2937
Stable Channel Update for Desktop
CVE-2023-2937: Inappropriate implementation in Picture In Picture. Reported by NDevTK on 2023-02-08 [$4000][ 1416350 ] Medium CVE-2023-2938: Inappropriate implementation in Picture In Picture
Reported by Alesandro Ortiz on 2023-02-15 [$3000][ 1427431 ] Medium CVE-2023-2939: Insufficient data validation in Installer
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2023-2464
vendor_chrome·2023-05-02·CVSS 4.3
CVE-2023-2464 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-2464
Stable Channel Update for Desktop
CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita on 2023-02-23 [$1000][ 1399862 ] Medium CVE-2023-2465: Inappropriate implementation in CORS
Reported by @kunte_ctf on 2022-12-10 [$3000][ 1385714 ] Low CVE-2023-2466: Inappropriate implementation in Prompts
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2023-1812
vendor_chrome·2023-04-04·CVSS 8.8
CVE-2023-1812 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-1812
Stable Channel Update for Desktop
CVE-2023-1812: Out of bounds memory access in DOM Bindings. Reported by Shijiang Yu on 2023-02-22 [$5000][ 1423258 ] Medium CVE-2023-1813: Inappropriate implementation in Extensions
Reported by Axel Chong on 2023-03-10 [$3000][ 1417325 ] Medium CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2023-1216
vendor_chrome·2023-03-07·CVSS 8.8
CVE-2023-1216 [HIGH] Stable Channel Update for Desktop: CVE-2023-1216
Stable Channel Update for Desktop
CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21 [$3000][ 1412658 ] High CVE-2023-1217: Stack buffer overflow in Crash reporting
Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03 [$3000][ 1413628 ] High CVE-2023-1218: Use after free in WebRTC
Severity: high
Chrome
Stable Channel Update for Desktop: CVE-2023-1225
vendor_chrome·2023-03-07·CVSS 4.3
CVE-2023-1225 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-1225
Stable Channel Update for Desktop
CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20 [$3000][ 1013080 ] Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API
Reported by Anonymous on 2019-10-10 [$3000][ 1348791 ] Medium CVE-2023-1227: Use after free in Core
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2023-1231
vendor_chrome·2023-03-07·CVSS 4.3
CVE-2023-1231 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-1231
Stable Channel Update for Desktop
CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Kirtikumar Anandrao Ramchandani via Yan Zhu of Brave on 2021-11-30 [$3000][ 813542 ] Low CVE-2023-2314: Insufficient data validation in DevTools
Reported by Rob Wu on 2018-02-19 [$2000][ 1346924 ] Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing
Severity: medium
Chrome
Stable Channel Update for Desktop: CVE-2023-0131
vendor_chrome·2023-01-10·CVSS 6.5
CVE-2023-0131 [MEDIUM] Stable Channel Update for Desktop: CVE-2023-0131
Stable Channel Update for Desktop
CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28 [$3000][ 1371215 ] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts
Reported by Jasper Rebane (popstonia) on 2022-10-05 [$3000][ 1375132 ] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts
Severity: medium
Cisco
Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service Vulnerability
vendor_cisco·CVSS 3.1
CVE-2023-20169 Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service Vulnerability
CVE-2023-20169: Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service Vulnerability
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS pr
Cisco
Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability
vendor_cisco·CVSS 3.1
CVE-2023-20115 Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability
CVE-2023-20115: Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability
A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. Cisco has released so
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-06-02
Published