13 matches found
EUVD-2022-42600
Malicious code in bioql PyPI...
EUVD-2022-42604
Malicious code in bioql PyPI...
CVE-2022-3183
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected product to an OS command injection vulnerability...
CVE-2022-3186
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices; however, the current implementation permits users to...
Design/Logic Flaw
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from an HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP request could point to another host that will send a...
CVE-2022-3188
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 are affected by an authentication/authorization issue that allows unauthenticated users to open the PHP index page and download the device history file, exposing the latest actions by specific users. The issue is described across multiple sou...
CVE-2022-3188
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users...
CVE-2022-3187
The CVE-2022-3187 issue affects Dataprobe iBoot-PDU FW versions prior to 1.42.06162022. The vulnerability arises because certain PHP pages only validate when a valid database connection exists, but do not verify the user, allowing an attacker to read the state of outlets. The Red Hat/NVD and ICS ...
CVE-2022-3186
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 are affected by CVE-2022-3186 (Improper Access Control). The device’s main management page could be accessed from the cloud, enabling attackers to view other devices’ information. Affected product: Dataprobe iBoot-PDU firmware prior to 1.42.0...
CVE-2022-3185
CVE-2022-3185 affects Dataprobe iBoot-PDU FW versions prior to 1.42.06162022, where the device exposes sensitive data. The ICS/Red Hat/NVD entries describe this vulnerability as an information disclosure issue (CVE-2022-3185) within the broader iBoot-PDU flaw set. Mitigation documented in PT-2022-...
CVE-2022-3184
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 are affected by CVE-2022-3184, a path traversal vulnerability that allows unauthenticated access to an old PHP page and could let an attacker write a file to the webroot. Affected product: Dataprobe iBoot-PDU firmware before 1.42.06162022. Im...
CVE-2022-3183
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 are affected by CVE-2022-3183, an OS command injection vulnerability in a user-input handling function. The issue enables unauthenticated command execution via the device’s web interface, as documented by CISA ICS and NVD summaries. Affected ...
CVE-2022-3183
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected product to an OS command injection vulnerability...