71 matches found
CVE-2021-22794
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause remote code execution. Affected Product: StruxureWare Data Center Expert V7.8.1 and prior...
CVE-2021-22795
A CWE-78 Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert V7.8.1 and prior...
EUVD-2021-9930
Malicious code in bioql PyPI...
EUVD-2023-29505
Malicious code in bioql PyPI...
EUVD-2023-29507
Malicious code in bioql PyPI...
EUVD-2023-29502
Malicious code in bioql PyPI...
EUVD-2023-29504
Malicious code in bioql PyPI...
EUVD-2023-29506
Malicious code in bioql PyPI...
EUVD-2023-29503
Malicious code in bioql PyPI...
EUVD-2023-29499
Malicious code in bioql PyPI...
EUVD-2023-29501
Malicious code in bioql PyPI...
EUVD-2021-9929
Malicious code in bioql PyPI...
Schneider Electric StruxureWare Data Center Expert Access Control Error Vulnerability
Schneider Electric StruxureWare Data Center Expert is a monitoring software from the French company Schneider Electric Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. An access control error vulnerability...
Schneider Electric StruxureWare Data Center Expert Access Control Error Vulnerability (CNVD-2023-37594)
Schneider Electric StruxureWare Data Center Expert is a monitoring software from the French company Schneider Electric Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. An access control error vulnerability...
CVE-2023-25551
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25547
A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25553
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25551
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25550
A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert V7.9.2 and prior...
CVE-2023-25554
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that allows a local privilege escalation on the appliance when a maliciously crafted Operating System command is entered on the device. Affected products: StruxureWare Data Cent...