EUVD-2022-27666

Malicious code in bioql PyPI...

Helmholz myREX24、MB Connect Line mymbCONNECT24和MB Connect Line mbCONNECT24 安全漏洞

MB Connect Line mbCONNECT24 and others are products of MB Connect Line, Germany.MB Connect Line mbCONNECT24 is a suite of remote service portals.MB Connect Line mymbCONNECT24 is an on-premise remote maintenance for virtual environments. Helmholz myREX24 and others are products of Helmholz. Helmho...

Helmholz myREX24、MB Connect Line mymbCONNECT24和MB Connect Line mbCONNECT24 安全漏洞

MB Connect Line mbCONNECT24 and others are products of MB Connect Line, Germany.MB Connect Line mbCONNECT24 is a suite of remote service portals.MB Connect Line mymbCONNECT24 is an on-premise remote maintenance for virtual environments. Helmholz myREX24 and others are products of Helmholz. Helmho...

CVE-2023-4834

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he shoul...

CVE-2023-4834

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he shoul...

CVE-2023-4834

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he shoul...

CVE-2023-4834

Summary: CVE-2023-4834 affects Red Lion Europe mbCONNECT24, mymbCONNECT24, and Helmholz myREX24 / myREX24.virtual up to version 2.14.2. The root cause is an improperly implemented access validation, enabling an authenticated, low-privileged attacker to read limited, non-critical device informatio...

CVE-2023-4834

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he shoul...

CVE-2023-0985

An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version = 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin...

CVE-2023-1779

Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions =2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact...

Information disclosure

Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions =2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact...

CVE-2023-1779

CVE-2023-1779 affects MB Connect Line products mbCONNECT24, mymbCONNECT24, Helmholz’ myREX24 and myREX24.virtual (versions

CVE-2023-0985

The CVE-2023-0985 entry concerns an Authorization Bypass in MB Connect Line mbCONNECT24, mymbCONNECT24 and Helmholz’ myREX24 and myREX24.virtual (versions ≤ 2.13.3). The root cause is an authenticated, low-privilege user being able to change the password of any user in the same account, enabling ...

PT-2023-16666 · Helmholz +1 · Myrex24 +2

Name of the Vulnerable Software and Affected Versions: MB Connect Lines mbCONNECT24 versions = 2.13.3 mymbCONNECT24 versions = 2.13.3 Helmholz' myREX24 versions = 2.13.3 Helmholz' myREX24.virtual versions = 2.13.3 Description: An Authorization Bypass issue allows an authenticated remote user with...

PT-2023-17239 · Unknown +1 · Mbconnect24 +2

Name of the Vulnerable Software and Affected Versions: mbCONNECT24 versions =2.13.3 mymbCONNECT24 versions =2.13.3 myREX24 versions =2.13.3 myREX24.virtual versions =2.13.3 Description: The issue allows an authorized remote attacker with low privileges to view a limited amount of another account'...

CVE-2022-22520

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2...

Code injection

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2...

CVE-2022-22520

CVE-2022-22520 describes a remote, unauthenticated user enumeration vulnerability in MB connect line products: mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual up to v2.11.2. The underlying issue is that the webservice allows attackers to enumerate valid users by sending specific...

CVE-2021-34574

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to t...

Design/Logic Flaw

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to t...