49 matches found
CVE-2021-22798
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext� ComBox All Versions...
EUVD-2022-35588
Malicious code in bioql PyPI...
EUVD-2022-35587
Malicious code in bioql PyPI...
EUVD-2021-9933
Malicious code in bioql PyPI...
EUVD-2022-35586
Malicious code in bioql PyPI...
CVE-2022-32515
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32516
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery CSRF. Affected Products: Conext™ ComBox All Versions...
Design/Logic Flaw
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames ...
Authentication flaw
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox All Versions...
Cross site request forgery (csrf)
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery CSRF. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32517
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames ...
CVE-2022-32515
Conext ComBox is affected by CWE-307 due to insufficient restriction of excessive authentication attempts on the admin login form. The vulnerability exists in all versions and could enable brute-force takeover of the admin account when rate limiting is not implemented. The connected sources confi...
Schneider Electric Conext ComBox 安全漏洞
The Schneider Electric Conext ComBox is a powerful communication and monitoring device from Schneider Electric France. A security vulnerability exists in the Schneider Electric Conext ComBox that stems from an improper restriction on its rendering UI layer or frames that could allow an attacker t...
Schneider Electric Conext ComBox 跨站请求伪造漏洞
The Schneider Electric Conext ComBox is a communication and monitoring device from Schneider Electric France. The Schneider Electric Conext ComBox suffers from a cross-site request forgery vulnerability that can be exploited by a remote attacker to construct a malicious URI, which induces a reque...
CVE-2022-32515
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32515
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32516
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery CSRF. Affected Products: Conext™ ComBox All Versions...
CVE-2022-32517
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames ...
Schneider Electric Conext ComBox 安全漏洞
Schneider Electric Conext ComBox is a powerful communication and monitoring device from Schneider Electric, a French company. A security vulnerability exists in all versions of the Schneider Electric Conext ComBox that stems from an incorrect limit on the number of authentication attempts that...
CVE-2022-32516
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery CSRF. Affected Products: Conext™ ComBox All Versions...