cbcvebase.

Ailux Imx6 Bundle vulnerabilities

12 known vulnerabilities affecting ailux/imx6_bundle.

Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH3MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2023-5456P2CRITICALCVSS 9.8fixed in 1.0.7-22024-03-05
CVE-2023-5456 [CRITICAL] CWE-798 CVE-2023-5456: A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web applicati A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
nvd
CVE-2023-5457P3CRITICALCVSS 9.8fixed in 1.0.7-22024-03-05
CVE-2023-5457 [CRITICAL] CWE-1269 CVE-2023-5457: A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of
nvd
CVE-2023-45595P3HIGHCVSS 8.8fixed in 1.0.7-22024-03-05
CVE-2023-45595 [HIGH] CWE-434 CVE-2023-45595: A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
nvd
CVE-2023-45599P3HIGHCVSS 8.8fixed in 1.0.7-22024-03-05
CVE-2023-45599 [HIGH] CWE-646 CVE-2023-45599: A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
nvd
CVE-2023-45592P3CRITICALCVSS 9.8fixed in 1.0.7-22024-03-05
CVE-2023-45592 [CRITICAL] CWE-250 CVE-2023-45592: A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (du A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” option and with root privileges) exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
nvd
CVE-2023-45591P3HIGHCVSS 8.8fixed in 1.0.7-22024-03-05
CVE-2023-45591 [HIGH] CWE-122 CVE-2023-45591: A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitrary code with the same privileges of the process (roo
nvd
CVE-2023-45600P3CRITICALCVSS 9.8fixed in 1.0.7-22024-03-05
CVE-2023-45600 [CRITICAL] CWE-613 CVE-2023-45600: A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
nvd
CVE-2023-45597P3CRITICALCVSS 9.0fixed in 1.0.7-22024-03-05
CVE-2023-45597 [CRITICAL] CWE-1236 CVE-2023-45597: A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_co A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7
nvd
CVE-2023-45596P4MEDIUMCVSS 5.3fixed in 1.0.7-22024-03-05
CVE-2023-45596 [MEDIUM] CWE-425 CVE-2023-45596: A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionali A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
nvd
CVE-2023-45594P4MEDIUMCVSS 6.8fixed in 1.0.7-22024-03-05
CVE-2023-45594 [MEDIUM] CWE-552 CVE-2023-45594: A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromi A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.
nvd
CVE-2023-45593P4MEDIUMCVSS 6.8fixed in 1.0.7-22024-03-05
CVE-2023-45593 [MEDIUM] CWE-184 CVE-2023-45593: A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (con A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentialit
nvd
CVE-2023-45598P4MEDIUMCVSS 5.3fixed in 1.0.7-22024-03-05
CVE-2023-45598 [MEDIUM] CWE-425 CVE-2023-45598: A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the w A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
nvd
Ailux Imx6 Bundle vulnerabilities | cvebase