11 matches found
EUVD-2022-31074
Malicious code in bioql PyPI...
EUVD-2025-13920
Malicious code in bioql PyPI...
BIT-AIRFLOW-2023-50944 Apache Airflow: Bypass permission verification to read code of other dags
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version...
CVE-2022-26516
Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment...
Code injection
Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment...
CVE-2022-26516 ICSA-22-104-03 Red Lion DA50N
Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment...
CVE-2022-26516
CVE-2022-26516 affects Red Lion DA50N gateways. The weakness is Insufficient Verification of Data Authenticity in the web UI update process, which allows an authorized user to install a maliciously modified package file if it was obtained from an unauthorized source or compromised between download and deployment...
Red Lion DA50N Data Forgery Issue Vulnerability
The Red Lion DA50N is a series of secure edge network gateways from Red Lion, U.S.A. The Red Lion DA50N is vulnerable to a data forgery issue that stems from the possibility that an authorized user could install a maliciously modified package file when updating the device via the Web UI, and that...
CVE-2018-7688
A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions...
CVE-2012-6442 Rockwell Automation ControlLogix PLC Improper Access Control
When an affected product receives a valid CIP message from an unauthorized or unintended source to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP that instructs the product to reset, a DoS can occur. This situation could cause loss of availability and a disruption of communicatio...
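SquirrelMail Unauthorized Source Code Modification (Compromised Package) Vulnerability
BUGTRAQ ID: 26879 CNCAN ID: CNCAN-2007121804 SquirrelMail is a popular open-source webmail program. The SquirrelMail vendor reports that its source code was compromised and modified, which poses a serious security risk; using this unsafe code can lead to execution of arbitrary commands with web privileges. No detailed vulnerability information is currently available. SquirrelMail SquirrelMail 1.4.12 SquirrelMail SquirrelMail 1.4.11 Upgrade: SquirrelMail SquirrelMail 1.4.11 SquirrelMail squirrelmail-1.4.13.tar....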