Lucene search
K

69 matches found

Vulnrichment
Vulnrichment
added 2024/02/26 4:29 p.m.15 views

CVE-2024-27081 ESPHome remote code execution via arbitrary file write

ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration...

7.2CVSS7.7AI score0.01535EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.4 views

ESPHome Path Traversal Vulnerability

Esphome is a system to configure and manage smart hardware. It is used to control Esp8266/Esp32 hardware for home automation control. A security vulnerability exists in ESPHome versions prior to 2024.2.1, which stems from a security misconfiguration that allows an authenticated, remote attacker t...

8.8CVSS7.9AI score0.01535EPSS
Exploits1References3
NVD
NVD
added 2023/08/09 7:15 p.m.21 views

CVE-2023-39004

Insecure permissions in the configuration directory /conf/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information e.g., hashed root password which could lead to privilege escalation...

9.8CVSS9.3AI score0.00822EPSS
Exploits1References1
Prion
Prion
added 2023/08/09 7:15 p.m.19 views

Privilege escalation

Insecure permissions in the configuration directory /conf/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information e.g., hashed root password which could lead to privilege escalation...

7.5CVSS9.1AI score0.00822EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/09 12:0 a.m.5 views

PT-2023-26730 · Opnsense · Opnsense Community Edition +1

Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: The issue is related to insecure permissions in the configuration directory /conf/ of OPNsense, allowing attackers to access...

9.8CVSS9.3AI score0.00822EPSS
Exploits1References6
OSV
OSV
added 2023/08/09 12:0 a.m.11 views

CVE-2023-39004

Insecure permissions in the configuration directory /conf/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information e.g., hashed root password which could lead to privilege escalation...

9.8CVSS6.8AI score0.00822EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/08/09 12:0 a.m.12 views

CVE-2023-39004

Insecure permissions in the configuration directory /conf/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information e.g., hashed root password which could lead to privilege escalation...

6.6AI score0.00822EPSS
Exploits1References1
CVE
CVE
added 2023/08/09 12:0 a.m.50 views

CVE-2023-39004

CVE-2023-39004 concerns insecure permissions in the OPNSense configuration directory (/conf/). Affected: OPNSense Community Edition prior to 23.7 and Business Edition prior to 23.4.2. Root cause: misconfigured directory permissions may allow attackers to read sensitive data (e.g., hashed root pas...

9.8CVSS9.2AI score0.00822EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2022/12/13 11:44 p.m.22 views

Path Traversal

asterisk is vulnerable to Path Traversal. The Asterisk Manager Interface's vulnerability allows an attacker to access files outside the asterisk configuration directory...

4.9CVSS6.7AI score0.01094EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/12/05 9:15 p.m.3 views

UBUNTU-CVE-2022-42706

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...

4.9CVSS5.8AI score0.01094EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/12/05 12:0 a.m.6 views

CVE-2022-42706

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...

6.6AI score0.01094EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/29 12:0 a.m.6 views

Clash 安全漏洞

Clash is a multi-platform agent client developed in the Go language by the individual developers of Dreamacro. A security vulnerability exists in Clash for Windows version v0.19.9, which originates from a misconfiguration in the Service Mode Configuration File directory, and can be exploited by a...

7.8CVSS7.8AI score0.00321EPSS
Exploits1References2
OSV
OSV
added 2021/11/19 7:15 p.m.8 views

UBUNTU-CVE-2021-44038

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...

7.8CVSS7.2AI score0.00761EPSS
Exploits1References3
OSV
OSV
added 2021/10/31 3:8 p.m.2 views

OPENSUSE-SU-2021:1425-1 Security update for wireguard-tools

This update for wireguard-tools fixes the following issues: - Removed world-readable permissions from /etc/wireguard bsc1191224 This update was imported from the SUSE:SLE-15-SP2:Update update project...

7.2AI score
Exploits0References2
OSV
OSV
added 2021/10/26 3:3 p.m.2 views

OPENSUSE-SU-2021:3527-1 Security update for wireguard-tools

This update for wireguard-tools fixes the following issues: - Removed world-readable permissions from /etc/wireguard bsc1191224...

7.2AI score
Exploits0References2
Fedora
Fedora
added 2021/10/12 11:47 p.m.65 views

[SECURITY] Fedora 33 Update: mediawiki-1.35.4-1.fc33

MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...

9.8CVSS3.2AI score0.01943EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2021/08/03 12:0 a.m.30 views

Debian DLA-2727-1 : pyxdg - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2727 advisory. It was discovered that there was a code injection issue in PyXDG, a library used to locate freedesktop.org configuration/cache/etc. directories. CVE-2019-12761 A code...

7.5CVSS7.6AI score0.02105EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2020/03/15 12:0 a.m.15 views

Fedora: Security Advisory for mediawiki (FEDORA-2020-a8ac31fed0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2020/03/14 12:37 a.m.11 views

[SECURITY] Fedora 31 Update: mediawiki-1.32.6-1.fc31

MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...

3.2AI score
Exploits0
Fedora
Fedora
added 2017/04/13 2:9 p.m.13 views

[SECURITY] Fedora 26 Update: mediawiki-1.28.1-2.fc26

MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...

3.2AI score
Exploits0
Rows per page
Query Builder