69 matches found
CVE-2024-27081 ESPHome remote code execution via arbitrary file write
ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration...
ESPHome Path Traversal Vulnerability
Esphome is a system to configure and manage smart hardware. It is used to control Esp8266/Esp32 hardware for home automation control. A security vulnerability exists in ESPHome versions prior to 2024.2.1, which stems from a security misconfiguration that allows an authenticated, remote attacker t...
CVE-2023-39004
Insecure permissions in the configuration directory /conf/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information e.g., hashed root password which could lead to privilege escalation...
Privilege escalation
Insecure permissions in the configuration directory /conf/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information e.g., hashed root password which could lead to privilege escalation...
PT-2023-26730 · Opnsense · Opnsense Community Edition +1
Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: The issue is related to insecure permissions in the configuration directory /conf/ of OPNsense, allowing attackers to access...
CVE-2023-39004
Insecure permissions in the configuration directory /conf/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information e.g., hashed root password which could lead to privilege escalation...
CVE-2023-39004
Insecure permissions in the configuration directory /conf/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information e.g., hashed root password which could lead to privilege escalation...
CVE-2023-39004
CVE-2023-39004 concerns insecure permissions in the OPNSense configuration directory (/conf/). Affected: OPNSense Community Edition prior to 23.7 and Business Edition prior to 23.4.2. Root cause: misconfigured directory permissions may allow attackers to read sensitive data (e.g., hashed root pas...
Path Traversal
asterisk is vulnerable to Path Traversal. The Asterisk Manager Interface's vulnerability allows an attacker to access files outside the asterisk configuration directory...
UBUNTU-CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...
CVE-2022-42706
An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...
Clash 安全漏洞
Clash is a multi-platform agent client developed in the Go language by the individual developers of Dreamacro. A security vulnerability exists in Clash for Windows version v0.19.9, which originates from a misconfiguration in the Service Mode Configuration File directory, and can be exploited by a...
UBUNTU-CVE-2021-44038
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update...
OPENSUSE-SU-2021:1425-1 Security update for wireguard-tools
This update for wireguard-tools fixes the following issues: - Removed world-readable permissions from /etc/wireguard bsc1191224 This update was imported from the SUSE:SLE-15-SP2:Update update project...
OPENSUSE-SU-2021:3527-1 Security update for wireguard-tools
This update for wireguard-tools fixes the following issues: - Removed world-readable permissions from /etc/wireguard bsc1191224...
[SECURITY] Fedora 33 Update: mediawiki-1.35.4-1.fc33
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
Debian DLA-2727-1 : pyxdg - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2727 advisory. It was discovered that there was a code injection issue in PyXDG, a library used to locate freedesktop.org configuration/cache/etc. directories. CVE-2019-12761 A code...
Fedora: Security Advisory for mediawiki (FEDORA-2020-a8ac31fed0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 31 Update: mediawiki-1.32.6-1.fc31
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
[SECURITY] Fedora 26 Update: mediawiki-1.28.1-2.fc26
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...