22 matches found
EUVD-2023-52316
Malicious code in bioql PyPI...
EUVD-2023-52314
Malicious code in bioql PyPI...
EUVD-2023-52311
Malicious code in bioql PyPI...
CVE-2023-48246
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48242
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48247
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48245
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48249
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...
CVE-2023-48246
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48242
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
Remote code execution
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution RCE with root privileges on the device...
Design/Logic Flaw
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user “root” via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users...
Cross site request forgery (csrf)
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
Cross site request forgery (csrf)
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
Cross site request forgery (csrf)
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48249
The CVE-2023-48249 entry concerns Bosch Nexo Cordless Nutrunner devices. Affected component: the application layer handling HTTP requests on these devices. Root cause: an authenticated remote attacker can enumerate arbitrary folders across all system paths under the application OS user (root) via...
CVE-2023-48247
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48247
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48246
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48245
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...