EUVD-2020-0769

Malware in sbrugna...

MAL-2025-23305 Malicious code in iobroker.covid-19 (npm)

The package iobroker.covid-19 was found to contain malicious code...

Malicious code in iobroker.covid-19 (npm)

The package iobroker.covid-19 was found to contain malicious code...

iobroker.combustion-control (=0.0.1), jcode-ble (=0.0.1) +1 more potentially affected by CVE-2023-26109 via node-bluetooth-serial-port (=2.2.7)

node-bluetooth-serial-port NPM version =2.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on node-bluetooth-serial-port and may be impacted: - iobroker.combustion-control =0.0.1 - jcode-ble =0.0.1 - jcode-bluetooth =0.1.0, =0.9.2 Source cves:...

iobroker.combustion-control (=0.0.1), jcode-ble (=0.0.1) +1 more potentially affected by CVE-2023-26109 via node-bluetooth-serial-port (=2.2.7)

node-bluetooth-serial-port NPM version =2.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on node-bluetooth-serial-port and may be impacted: - iobroker.combustion-control =0.0.1 - jcode-ble =0.0.1 - jcode-bluetooth =0.1.0, =0.9.2 Source cves:...

iobroker.mieleathome (=0.0.4), t-motion-detector (=0.5.42) potentially affected by CVE-2019-10767 via iobroker.js-controller (=1.5.14)

iobroker.js-controller NPM version =1.5.14 is affected by a known vulnerability. The following packages have a transitive dependency on iobroker.js-controller and may be impacted: - iobroker.mieleathome =0.0.4 - t-motion-detector =0.5.42 Source cves: CVE-2019-10767 Source advisory:...

Cross-Site Scripting

Overview Versions of iobroker.web prior to 2.4.10 are vulnerable to Cross-Site Scripting. The package fails to escape URL parameters that may be reflected in the server response. This can be used by attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to versi...

iobroker.web Cross-Site Scripting Vulnerability

iobroker.web is a Node.js based web server for reading files from ioBroker DB. A cross-site scripting vulnerability exists in iobroker.web. The vulnerability stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute...

ioBroker.admin Directory Traversal Vulnerability

iobroker.admin is the user interface for configuring and managing ioBroker. A directory traversal vulnerability exists in iobroker.admin versions prior to 3.6.12, which can be exploited by an attacker to access the contents of files outside of the /log/file1/ directory...

CVE-2019-10765

CVE-2019-10765 concerns iobroker.admin before 3.6.12. The vulnerability is a directory traversal flaw allowing an attacker to include file contents from outside the /log/file1/ directory. Multiple sources (GitHub advisory GHSA-54XJ-Q58H-9X57, npm advisory NODEJS:1346, CNVD, CVE records) describe ...

Cross-site Scripting (XSS)

Overview iobroker.web is a Web server on the base of Node.js and express to read the files from ioBroker DB. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Characters in the GET url path are not properly escaped and can be reflected in the server response. Details...

Directory Traversal

Overview iobroker.js-controller is a controller that is owning the central configuration of the ioBroker installation and controls and monitors all adapter processes for the current host. Affected versions of this package are vulnerable to Directory Traversal. An attacker can include file content...

Directory Traversal

Overview iobroker.admin is an User interface for configuration and administration of ioBroker. Affected versions of this package are vulnerable to Directory Traversal. An attacker can include file contents from outside the /log/file1/ directory. Note: The attacker has to be logged in if the...

iobroker.yahka (>=0.5.4 <=0.7.1) potentially affected by CVE-2018-13797 via macaddress (=0.2.8)

macaddress NPM version =0.2.8 is affected by a known vulnerability. The following packages have a transitive dependency on macaddress and may be impacted: - iobroker.yahka =0.5.4, =0.7.1 Source cves: CVE-2018-13797 Source advisory: OSV:GHSA-PP57-MQMH-44H7...