CVE-2023-45597

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...

CVE-2023-45598

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

CVE-2023-45600

A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

CVE-2023-45594

A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This...

EUVD-2023-49887

Malicious code in bioql PyPI...

EUVD-2023-49885

Malicious code in bioql PyPI...

EUVD-2023-49890

Malicious code in bioql PyPI...

EUVD-2023-49889

Malicious code in bioql PyPI...

EUVD-2023-49888

Malicious code in bioql PyPI...

EUVD-2023-49891

Malicious code in bioql PyPI...

EUVD-2023-57771

Malicious code in bioql PyPI...

EUVD-2023-49883

Malicious code in bioql PyPI...

EUVD-2023-49892

Malicious code in bioql PyPI...

EUVD-2023-57770

Malicious code in bioql PyPI...

EUVD-2023-49884

Malicious code in bioql PyPI...

CVE-2023-5457

A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application due to the “debug” configuration parameter set to “True” allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to t...

CVE-2023-45599

A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version...

CVE-2023-45595

A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “fileconfiguration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

CVE-2023-45591

A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “loggergeneric” function of the “Axrtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service DoS condition, possibly in the execution of arbitra...

CVE-2023-45596

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...