23 matches found
EUVD-2024-42140
Malicious code in bioql PyPI...
EUVD-2023-52481
Malicious code in bioql PyPI...
EUVD-2022-48014
Malicious code in bioql PyPI...
EUVD-2023-52478
Malicious code in bioql PyPI...
EUVD-2024-42135
Malicious code in bioql PyPI...
EUVD-2023-52479
Malicious code in bioql PyPI...
EUVD-2024-42138
Malicious code in bioql PyPI...
EUVD-2024-42137
Malicious code in bioql PyPI...
EUVD-2023-52480
Malicious code in bioql PyPI...
EUVD-2024-42139
Malicious code in bioql PyPI...
CVE-2024-46889
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the applicati...
CVE-2024-46892
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing...
CVE-2023-48428
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially...
CVE-2023-48429
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automaticall...
CVE-2023-48430
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically...
CVE-2022-45092
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 1. An authenticated remote attacker with access to the Web Based Management 443/tcp of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might...
CVE-2024-46890
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code...
CVE-2024-46891
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources an...
PT-2024-8705 · Siemens · Sinec Ins
Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 3 Description: A vulnerability has been identified in the affected application, which does not properly sanitize user-provided paths for SFTP-based file up- and downloads. This could allow an...
PT-2024-8709 · Siemens · Sinec Ins
Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 3 Description: A vulnerability has been identified in the affected application where it does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacke...