1387 matches found

CVE
added 2024/10/21 8:6 p.m. · 47 views

CVE-2022-48993

CVE-2022-48993 is rejected/not used per the initial description; no active vulnerability details are provided.

AI score: 6.8 · Exploits: 0

OSV
added 2024/10/16 12:41 p.m. · 3 views

MAL-2024-9566 Malicious code in config.env-replace (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1 · Exploits: 0

NVD
added 2024/10/15 11:15 a.m. · 13 views

CVE-2024-45271

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation...

CVSS: 8.4 · EPSS: 0.00134 · Exploits: 0 · References: 3

OSV
added 2024/10/15 11:15 a.m. · 1 view

CVE-2024-45273

An unauthenticated local attacker can decrypt the device's config file and therefore compromise the device due to a weak implementation of the encryption used...

CVSS: 7.8 · AI score: 5.8 · EPSS: 0.00087 · Exploits: 0 · References: 5

OSV
added 2024/10/15 11:15 a.m. · 3 views

CVE-2024-45271

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation...

CVSS: 7.8 · AI score: 5.8 · EPSS: 0.00134 · Exploits: 0 · References: 3

NVD
added 2024/10/15 11:15 a.m. · 14 views

CVE-2024-45273

An unauthenticated local attacker can decrypt the device's config file and therefore compromise the device due to a weak implementation of the encryption used...

CVSS: 8.4 · EPSS: 0.00087 · Exploits: 0 · References: 5

Cvelist
added 2024/10/15 10:27 a.m. · 17 views

CVE-2024-45273 MB connect line/Helmholz: Weak encryption of configuration file

An unauthenticated local attacker can decrypt the device's config file and therefore compromise the device due to a weak implementation of the encryption used...

CVSS: 8.4 · EPSS: 0.00087 · Exploits: 0 · References: 4

Vulnrichment
added 2024/10/15 10:27 a.m. · 16 views

CVE-2024-45271 MB connect line/Helmholz: Remote code execution due to improper input validation

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation...

CVSS: 8.4 · AI score: 7 · EPSS: 0.00134 · Exploits: 0 · References: 2

CVE
added 2024/10/15 10:27 a.m. · 53 views

CVE-2024-45271

Consolidated data shows CVE-2024-45271 affects Helmholz Rex100 (wireless router). The vulnerability arises from improper input validation in config deployment, enabling an unauthenticated local attacker to gain admin privileges by deploying a configuration file. Publicly referenced advisories (e....

CVSS: 8.4 · AI score: 8.1 · EPSS: 0.00134 · Exploits: 0 · References: 3 · Affected Software: 1

GitHub Security Blog
added 2024/10/14 9:16 p.m. · 15 views

OpenCanary Executes Commands From Potentially Writable Config File

Impact: OpenCanary directly executed commands taken from its config file. Where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon...

CVSS: 7.8 · AI score: 7.7 · EPSS: 0.00217 · Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2024/10/14 9:16 p.m. · 10 views

GHSA-PF5V-PQFV-X8JJ OpenCanary Executes Commands From Potentially Writable Config File

Impact: OpenCanary directly executed commands taken from its config file. Where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon...

CVSS: 7.8 · AI score: 7.7 · EPSS: 0.00217 · Exploits: 0 · References: 6

OSV
added 2024/10/14 9:15 p.m. · 1 view

PYSEC-2024-248

OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...

CVSS: 7.8 · AI score: 8 · EPSS: 0.00217 · Exploits: 0 · References: 3

PyPA
added 2024/10/14 9:15 p.m. · 4 views

PYSEC-2024-248

OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...

CVSS: 7.8 · AI score: 7.1 · EPSS: 0.00217 · Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2024/10/14 8:45 p.m. · 58 views

CVE-2024-48911

CVE-2024-48911 affects OpenCanary. Before 0.9.4, the config file could be edited by an unprivileged user in an unprivileged directory while the daemon runs as root, allowing that user to influence commands executed later by root and escalate privileges. The issue is fixed in OpenCanary 0.9.4 and ...

CVSS: 7.8 · AI score: 7.8 · EPSS: 0.00217 · Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2024/10/14 8:45 p.m. · 8 views

CVE-2024-48911 OpenCanary Executes Commands From Potentially Writable Config File

OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...

CVSS: 5.8 · AI score: 6.8 · EPSS: 0.00217 · Exploits: 0 · References: 5

Cvelist
added 2024/10/14 8:45 p.m. · 14 views

CVE-2024-48911 OpenCanary Executes Commands From Potentially Writable Config File

OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and...

CVSS: 5.8 · EPSS: 0.00217 · Exploits: 0 · References: 3

OSV
added 2024/10/14 7:45 p.m. · 0 views

GHSA-G77X-44XX-532M Denial of Service condition in Next.js image optimization

Impact: The image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Not affected: - The next.config.js file is configured with images.unoptimized set to true or images.loader set to...

CVSS: 8.2 · AI score: 7.2 · EPSS: 0.01306 · Exploits: 1 · References: 4

CNNVD
added 2024/10/14 12:0 a.m. · 3 views

MOXA Service Security Vulnerability

MOXA Service is a hardware device infrastructure service from MOXA (China). A security vulnerability exists in MOXA Service, which stems from a lack of authentication during command sending and could allow an attacker to execute specific commands, resulting in unauthorized configuration file...

CVSS: 9.4 · AI score: 9.2 · EPSS: 0.00148 · Exploits: 0 · References: 2

Positive Technologies
added 2024/10/14 12:0 a.m. · 2 views

PT-2024-33263 · Unknown · Opencanary

Name of the Vulnerable Software and Affected Versions: OpenCanary versions prior to 0.9.4. Description: OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Where the config file is stored in an unprivileged user directory but the daemon is executed...

CVSS: 7.8 · AI score: 7.5 · EPSS: 0.00217 · Exploits: 0 · References: 14

Positive Technologies
added 2024/10/14 12:0 a.m. · 2 views

PT-2024-31526 · Helmholz +2 · Rex100 +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. No information is provided abou...

CVSS: 8.4 · AI score: 7.1 · EPSS: 0.00134 · Exploits: 0 · References: 12