EUVD-2021-31301

Malicious code in bioql PyPI...

CVE-2021-23195

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 has the option for automated indexing directory listing activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all...

CVE-2021-44464

Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software...

CVE-2021-44464

Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software...

CVE-2021-33846

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...

CVE-2021-33846

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...

CVE-2021-43355

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

CVE-2021-44464

Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software...

CVE-2021-33848

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP requests and perform unauthorized actions such as stealing internal information and performing actions...

CVE-2021-23195

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 has the option for automated indexing directory listing activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all...

CVE-2021-23195

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 has the option for automated indexing directory listing activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all...

Design/Logic Flaw

Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software...

Cross site scripting

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 is vulnerable to reflected cross-site scripting attacks. An attacker could inject JavaScript in a GET parameter of HTTP requests and perform unauthorized actions such as stealing internal information and performing actions...

Authentication flaw

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...

Design/Logic Flaw

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

CVE-2021-43355

The CVE-2021-43355 entry concerns Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) v2.0.1.3, where client-side input validation is performed without server-side authentication, allowing a user to bypass checks and login with service privileges. The root cause is misuse of client-side ...

CVE-2021-43355 Fresenius Kabi Agilia Connect Infusion System use of client side authentication

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

CVE-2021-44464 Fresenius Kabi Agilia Connect Infusion System hard coded credentials

Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 contains service credentials likely to be common across all instances. An attacker in possession of the password may gain privileges on all installations of this software...

CVE-2021-44464

Vigilant Software Suite MasterMed Dashboard, version 2.0.1.3, contains credentials used across all installations. An attacker who obtains the password may gain privileges on every installation of this software. The issue is documented in multiple sources, including Red Hat and NVD entries, with m...

CVE-2021-23195

CVE-2021-23195 affects Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) 2.0.1.3. The issue is exposure of information through directory listing: if directory listing is enabled and no index file exists, a web server may return entire directory contents in HTML, enabling an attacker to...