34 matches found
EUVD-2022-27955
Malicious code in bioql PyPI...
EUVD-2022-27953
Malicious code in bioql PyPI...
CVE-2022-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...
CVE-2022-22811
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX...
CVE-2022-22809
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly...
CVE-2022-22810
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly homeLYnk V2.6.2 and prior, fellerLYn...
CVE-2021-22806
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk V2.6.1 and prior, Wiser for KNX V2.6.1 and prior, fellerLYnk V2.6.1 and prior...
CVE-2021-22806
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk V2.6.1 and prior, Wiser for KNX V2.6.1 and prior, fellerLYnk V2.6.1 and prior...
CVE-2021-22806
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk V2.6.1 and prior, Wiser for KNX V2.6.1 and prior, fellerLYnk V2.6.1 and prior...
Design/Logic Flaw
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk V2.6.1 and prior, Wiser for KNX V2.6.1 and prior, fellerLYnk V2.6.1 and prior...
CVE-2021-22806
The CVE-2021-22806 entry concerns a CWE-669 vulnerability (Incorrect Resource Transfer Between Spheres) affecting Schneider Electric products: spaceLYnk (version 2.6.1 and prior), Wiser for KNX (version 2.6.1 and prior), and fellerLYnk (version 2.6.1 and prior). The issue could lead to data exfil...
Schneider Electric 多款产品安全漏洞
Schneider Electric spaceLYnk and Wiser for KNX are both products of Schneider Electric, a French company. spaceLYnk is a programmable logic controller. wiser for KNX is a home automation control system. A security vulnerability exists in several Schneider Electric products that originates from...
CVE-2022-22810
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly homeLYnk V2.6.2 and prior, fellerLYn...
CVE-2022-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...
CVE-2022-22811
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX...
CVE-2022-22811
A CWE-352: Cross-Site Request Forgery CSRF vulnerability exists that could induce users to perform unintended actions, leading to the override of the system�s configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX...
CVE-2022-22809
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly...
CVE-2022-22810
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk V2.6.2 and prior, Wiser for KNX formerly homeLYnk V2.6.2 and prior, fellerLYn...
CVE-2022-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...
CVE-2022-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...