Article No° | Product Name | Affected Version(s) |
---|---|---|
217229 | WHA-GW-F2D2-0-AS- Z2-ETH | = 3.0.7 |
217229 | WHA-GW-F2D2-0-AS- Z2-ETH | = 3.0.8 |
217229 | WHA-GW-F2D2-0-AS- Z2-ETH | = 3.0.9 |
252863 | WHA-GW-F2D2-0-AS- Z2-ETH.EIP | = 3.0.7 |
252863 | WHA-GW-F2D2-0-AS- Z2-ETH.EIP | = 3.0.8 |
252863 | WHA-GW-F2D2-0-AS- Z2-ETH.EIP | = 3.0.9 |
Critical vulnerabilities have been discovered in the product and in the utilized components jQuery by jQuery Team and TLS Version 1.0/1.1.
The impact of the vulnerabilities on the affected device may result in
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into ...
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, ...
jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the ...
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containingelements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation ...
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods ...
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove some extra chars which results in the enclosed script logic ...
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the ...
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on ...
Pepperl+Fuchs analyzed and identified affected devices.
Remote attackers may exploit the vulnerability sending specially crafted packages that may result in a denial-of-service condition or code execution.
Firmware Version | Affected by |
3.0.7 | CVE-2020-11023, CVE-2020-11022, CVE-2020-7656, CVE-2019-11358, CVE-2016-10707, CVE-2015-9251, CVE-2014-6071, CVE-2012-6708, CVE-2011-4969, CVE-2007-2379, CVE-2021-33555, CVE-2021-34559, CVE-2021-34560, CVE-2021-34561, CVE-2021-34565 |
3.0.8 | CVE-2020-11023, CVE-2020-11022, CVE-2020-7656, CVE-2019-11358, CVE-2016-10707, CVE-2015-9251, CVE-2014-6071, CVE-2012-6708, CVE-2011-4969, CVE-2007-2379, CVE-2021-34559, CVE-2021-34560, CVE-2021-34561, CVE-2021-34562, CVE-2021-34563, CVE-2021-34565 |
3.0.9 | CVE-2021-34560, CVE-2021-34563, CVE-2021-34564, CVE-2013-0169, CVE-2021-34565 |
An external protective measure is required.
Pepperl+Fuchs
Coordinated by CERT@VDE