58 matches found
EUVD-2022-24726
Malicious code in bioql PyPI...
EUVD-2021-28344
Malicious code in bioql PyPI...
EUVD-2022-24716
Malicious code in bioql PyPI...
EUVD-2022-24715
Malicious code in bioql PyPI...
Device42 CMDB Improper Access Control (CVE-2022-1401)
An improper access control vulnerability exists in Device42 CMDB. Successful exploitation of this vulnerability could allow a remote attacker to read sensitive files on the affected system...
CVE-2022-1410
OS Command Injection vulnerability in the dboptimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
CVE-2022-1400
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1399
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
CVE-2022-1401
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1399
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
CVE-2022-1400
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1401
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...
CVE-2022-1410
OS Command Injection vulnerability in the dboptimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
Hardcoded credentials
Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00...
Design/Logic Flaw
An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
Command injection
OS Command Injection vulnerability in the dboptimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions...
Improper access control
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...
The vulnerability of the Discovery component of the Device42 data center infrastructure management software allows a perpetrator to execute arbitrary code.
The vulnerability of the Discovery component of the Device42 data center infrastructure management software is related to the implementation or modification of arguments. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by creating an auto-detection task nix/CISCO...
The vulnerability of the WebReportsApi.dll software for managing the infrastructure of Device42’s data processing center allows a hacker to obtain the encryption key.
The vulnerability of the WebReportsApi.dll software for managing the infrastructure of Device42’s data processing center lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker operating remotely to obtain the encryption key...
The vulnerability of the db_optimize() function (applmgr/applmgrsite/views.py) in the Device42 data center infrastructure management software allows a perpetrator to execute arbitrary commands.
The vulnerability of the dboptimize function in the Device42 data center infrastructure management software exists because measures to neutralize special elements used in the operating system commands have not been implemented. Exploiting this vulnerability allows a remote attacker to execute...