Lucene search
K

14 matches found

OSV
OSV
added 2024/03/05 12:15 p.m.6 views

CVE-2023-5457

A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application due to the “debug” configuration parameter set to “True” allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to t...

9.8CVSS5.9AI score0.00644EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 12:15 p.m.3 views

CVE-2023-45600

A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 12:15 p.m.4 views

CVE-2023-45598

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.3CVSS5.8AI score0.00487EPSS
Exploits0References1
NVD
NVD
added 2024/03/05 12:15 p.m.13 views

CVE-2023-45597

A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...

9CVSS5.5AI score0.00446EPSS
Exploits0References1
NVD
NVD
added 2024/03/05 12:15 p.m.20 views

CVE-2023-45598

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.3CVSS5.3AI score0.00487EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 12:15 p.m.6 views

CVE-2023-45594

A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This...

6.8CVSS5.8AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2024/03/05 12:15 p.m.5 views

CVE-2023-45591

A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “loggergeneric” function of the “Axrtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service DoS condition, possibly in the execution of arbitra...

8.8CVSS6.1AI score0.00728EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 12:15 p.m.16 views

Unrestricted file upload

A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “fileconfiguration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.4CVSS7AI score0.00423EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 12:15 p.m.11 views

Heap overflow

A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “loggergeneric” function of the “Axrtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service DoS condition, possibly in the execution of arbitra...

4.6CVSS7.8AI score0.00728EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/05 11:29 a.m.25 views

CVE-2023-45595

A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “fileconfiguration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.9CVSS5.8AI score0.00423EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/05 11:27 a.m.26 views

CVE-2023-45593

A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser concerning the handling of alternative URLs, other than “ http://localhost” allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and...

6.8CVSS6.6AI score0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/05 11:19 a.m.14 views

CVE-2023-45591

A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “loggergeneric” function of the “Axrtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service DoS condition, possibly in the execution of arbitra...

7.5CVSS8AI score0.00728EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/05 11:15 a.m.34 views

CVE-2023-5457

A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application due to the “debug” configuration parameter set to “True” allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to t...

7.5CVSS7.7AI score0.00644EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.4 views

AiLux imx6 Security Vulnerability

AiLux imx6 is a computing module from AiLux. A security vulnerability exists in versions prior to AiLux imx6 bundle imx61.0.7-2 that stems from a lack of authorization and allows an unauthenticated, remote attacker to access confidential configuration files...

5.3CVSS6.8AI score0.00487EPSS
Exploits0References2
Rows per page
Query Builder