2124 matches found
CVE-2023-45598
Summary: CVE-2023-45598 affects AiLux imx6 bundle prior to version imx6_1.0.7-2, via a vulnerability in the web application’s “measure” functionality. The root cause is a CWE-425 Direct Request (Forced Browsing)/Missing Authorization, allowing a remote unauthenticated attacker to access confident...
CVE-2023-45598
A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
CVE-2023-45597
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...
CVE-2023-45596
A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
CVE-2023-45596
A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
CVE-2023-45596
The CVE-2023-45596 issue affects AiLux imx6 bundle prior to version imx6_1.0.7-2. A CWE-425 Direct Request/Forced Browsing vulnerability in the web app’s file_configuration functionality allows remote unauthenticated access to confidential configuration files. Root cause: missing/weak authorizati...
CVE-2023-45595
A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “fileconfiguration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
CVE-2023-45595
A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “fileconfiguration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
CVE-2023-45595
The CVE-2023-45595 entry documents a CWE-434 vulnerability in the AiLux imx6 bundle’s file_configuration functionality, allowing a remote authenticated attacker to upload arbitrary file types to the device. Affected product: AiLux imx6 bundle prior to version imx6_1.0.7-2. Root cause: Unrestricte...
CVE-2023-45593
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser concerning the handling of alternative URLs, other than “ http://localhost” allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and...
CVE-2023-45593
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser concerning the handling of alternative URLs, other than “ http://localhost” allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and...
CVE-2023-45592
CVE-2023-45592 affects AiLux imx6 bundle, with the vulnerable component being the embedded Chromium browser operated with the --no-sandbox option under root privileges. The root cause is execution with unnecessary privileges, which could exacerbate impact from attacks against the embedded browser...
CVE-2023-45591
A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “loggergeneric” function of the “Axrtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service DoS condition, possibly in the execution of arbitra...
CVE-2023-45591
A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “loggergeneric” function of the “Axrtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service DoS condition, possibly in the execution of arbitra...
CVE-2023-5456
A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. This issue affects: AiLux imx6 bundle below version...
CVE-2023-5456
A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. This issue affects: AiLux imx6 bundle below version...
CVE-2023-5457
A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application due to the “debug” configuration parameter set to “True” allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to t...
CVE-2023-5457
A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application due to the “debug” configuration parameter set to “True” allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to t...
CVE-2023-5457
CVE-2023-5457 is a CWE-1269 issue in the Django-based application where debug=True in Django causes exposure of sensitive information. It affects AiLux imx6 bundle prior to version imx6_1.0.7-2. Root cause: non-release configuration leaking data. Impact: confidentiality, integrity, and availabili...
CVE-2023-5456
CVE-2023-5456 is a CWE-798 vulnerability affecting AiLux imx6 bundle prior to version imx6_1.0.7-2. The issue arises from hard-coded credentials in the MariaDB database used by the web application, enabling a remote unauthenticated attacker to access the database service and all data with the web...