EUVD-2024-16558

Malicious code in bioql PyPI...

CVE-2024-0770

A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approache...

CVE-2023-26089

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5...

CVE-2024-0770

A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approache...

Design/Logic Flaw

A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approache...

CVE-2024-0770

CVE-2024-0770 affects European Chemicals Agency IUCLID on Windows, specifically the Desktop Installer component’s file iuclid6.exe . The vulnerability is described as an unknown function that allows manipulation leading to incorrect default permissions, with local access required to exploit. Docu...

CVE-2024-0770 European Chemicals Agency IUCLID Desktop Installer iuclid6.exe default permission

A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approache...

CVE-2024-0770 European Chemicals Agency IUCLID Desktop Installer iuclid6.exe default permission

A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approache...

CVE-2023-26089

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5...

CVE-2023-26546

European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection SSTI with a crafted template file. The attacker must have template manager permission...

CVE-2023-26089

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5...

CVE-2023-26546

European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection SSTI with a crafted template file. The attacker must have template manager permission...

Authentication flaw

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5...

CVE-2023-26089

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5...

PT-2023-20479 · European Chemicals Agency · Iuclid

Name of the Vulnerable Software and Affected Versions: European Chemicals Agency IUCLID versions 5.15.0 through 6.27.5 Description: The issue allows authentication bypass due to a weak hard-coded secret used for JWT signing. Recommendations: For versions 5.15.0 through 6.27.5, update to version...

CVE-2023-26089

CVE-2023-26089 affects European Chemicals Agency IUCLID 6.x (versions 5.15.0–6.27.5). The issue is authentication bypass caused by a weak, hard-coded secret used for JWT signing. Public docs in connected sources confirm the root cause and affected versions; Red Hat/PRION/NVD entries reiterate the...

CVE-2023-26089

European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5...

CVE-2023-26546

CVE-2023-26546 : IUCLID versions prior to 6.27.6 are vulnerable to Server Side Template Injection (SSTI). Remote authenticated users with template manager permission can execute arbitrary code via a crafted template file. Root cause is SSTI in the template handling. A fix exists in IUCLID 6.27.6 ...

IUCLID 安全漏洞

IUCLID is a software application organized by the European Chemicals Agency. It is used to capture, store, maintain and exchange data on the intrinsic and hazardous properties of chemical substances. A security vulnerability exists in IUCLID versions prior to 6.27.6 that originates from a...

CVE-2023-26546

European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection SSTI with a crafted template file. The attacker must have template manager permission...