Ailux Imx6 Bundle
12 CVEs affecting Ailux Imx6 Bundle. Latest disclosed: 2024-03-05. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-5456 | High | 8.1 | 2024-03-05 | A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the d… |
| CVE-2023-45591 | High | 7.5 | 2024-03-05 | A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary allows a remote authenticated attacker to trigger… |
| CVE-2023-5457 | High | 7.5 | 2024-03-05 | A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configurat… |
| CVE-2023-45594 | Medium | 6.8 | 2024-03-05 | A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily downlo… |
| CVE-2023-45593 | Medium | 6.8 | 2024-03-05 | A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http… |
| CVE-2023-45592 | Medium | 6.8 | 2024-03-05 | A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” opti… |
| CVE-2023-45597 | Medium | 5.9 | 2024-03-05 | A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerni… |
| CVE-2023-45595 | Medium | 5.9 | 2024-03-05 | A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote auth… |
| CVE-2023-45600 | Medium | 5.6 | 2024-03-05 | A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session… |
| CVE-2023-45599 | Medium | 5.5 | 2024-03-05 | A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote… |
| CVE-2023-45598 | Medium | 5.3 | 2024-03-05 | A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to… |
| CVE-2023-45596 | Medium | 5.3 | 2024-03-05 | A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated a… |