37 matches found
EUVD-2023-44750
Malicious code in bioql PyPI...
EUVD-2023-49520
Malicious code in bioql PyPI...
EUVD-2023-50024
Malicious code in bioql PyPI...
Westermo L210-F2G Lynx Security Vulnerability
The Westermo L210-F2G Lynx is an industrial switch from Westermo Sweden. A security vulnerability exists in the Westermo L210-F2G Lynx. An attacker could exploit the vulnerability to cause a denial of service by repeatedly sending a large number of packets...
Westermo Lynx Cross-site Scripting (CVE-2023-42765)
An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'username' parameter in the SNMP configuration. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Westermo Lynx 206-F2G Cleartext Transmission of Sensitive Information (CVE-2023-40544)
An attacker with access to the network where the affected devices are located could perform malicious actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Westermo Lynx 206-F2G Improper Neutralization of Input During Web Page Generation (CVE-2023-45222)
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'autorefresh' parameter. This plugin only works with Tenable.ot. Please visit...
Westermo Lynx 206-F2G Improper Neutralization of Input During Web Page Generation (CVE-2023-40143)
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'forward.0.domain' parameter. This plugin only works with Tenable.ot. Please visit...
Westermo Lynx 206-F2G Improper Control of Generation of Code (CVE-2023-45735)
A potential attacker with access to the device would be able to execute malicious code that could affect the correct functioning of the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Westermo Lynx 206-F2G Cross-Site Request Forgery (CVE-2023-38579)
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally...
Westermo Lynx 206-F2G Improper Neutralization of Input During Web Page Generation (CVE-2023-45227)
An attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the 'dns.0.server' parameter. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Westermo Lynx 206-F2G Permissive Cross-Domain Policy with Untrusted Domains (CVE-2023-45213)
A potential attacker with access to the device would be able to execute malicious code that could affect the correct functioning of the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
CVE-2023-45735
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device...
CVE-2023-40143
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter...
CVE-2023-45213
A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device...
CVE-2023-40143 Westermo Lynx
An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter...
CVE-2023-45735
CVE-2023-45735 affects Westermo Lynx devices (206-F2G) running Westermo WeOS. The vulnerability is classified as Code Injection (CWE-94) with improper input handling in the web interface, allowing a remote attacker with network access and low attack complexity to execute malicious code and potentiall...
CVE-2023-45735 Westermo Lynx Code Injection
A potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device...
CVE-2023-45213 Westermo Lynx Permissive Cross-domain Policy with Untrusted Domains
A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device...