Vulnerabilities > Ailux
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-05 | CVE-2023-45591 | Unspecified vulnerability in Ailux Imx6 A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. | 8.8 |
| 2024-03-05 | CVE-2023-45592 | Unspecified vulnerability in Ailux Imx6 A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser (due to the binary being executed with the “--no-sandbox” option and with root privileges) exacerbates the impacts of successful attacks executed against the browser. | 9.8 |
| 2024-03-05 | CVE-2023-45595 | Unspecified vulnerability in Ailux Imx6 A CWE-434 “Unrestricted Upload of File with Dangerous Type” vulnerability in the “file_configuration” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. | 8.8 |
| 2024-03-05 | CVE-2023-45597 | Unspecified vulnerability in Ailux Imx6 A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “file_configuration” functionality of the web application (concerning the function “export_file”) allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. | 9.0 |
| 2024-03-05 | CVE-2023-45599 | Unspecified vulnerability in Ailux Imx6 A CWE-646 “Reliance on File Name or Extension of Externally-Supplied File” vulnerability in the “iec61850” functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. | 8.8 |
| 2024-03-05 | CVE-2023-45600 | Unspecified vulnerability in Ailux Imx6 A CWE-613 “Insufficient Session Expiration” vulnerability in the web application, due to the session cookie “sessionid” lasting two weeks, facilitates session hijacking attacks against victims. | 9.8 |
| 2024-03-05 | CVE-2023-5457 | Unspecified vulnerability in Ailux Imx6 A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. | 9.8 |
| 2024-03-05 | CVE-2023-5456 | Unspecified vulnerability in Ailux Imx6 A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. | 9.8 |