2857 matches found
openSUSE 15 Security Update : kmail-account-wizard (openSUSE-SU-2024:0353-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0353-1 advisory. - CVE-2024-50624: Fixed that plaintext HTTP was used for URLs when retrieving configuration files (boo#1232454, kde#487882) Tenable has extracted the precedi...
The vulnerability of the Veeam ONE monitoring software, related to deficiencies in access control, allows a hacker to modify configuration files.
The vulnerability of the Veeam ONE monitoring software relates to deficiencies in access control. Exploiting this vulnerability could allow attackers to modify configuration files...
The vulnerability of the OPC server WorkstationST, related to the lack of authentication for critical functions, allows attackers to write or overwrite files on the configuration server.
The vulnerability of the OPC server WorkstationST is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to remotely write or overwrite configuration files on the server...
CVE-2024-10620
The CVE-2024-10620 entry concerns knightliao Disconf 2.6.36. The affected component is the Configuration Center, specifically the /api/config/list path. The root cause is improper authentication on this endpoint, enabling remote initiation of an attack. Public disclosures exist, indicating exploi...
CVE-2024-48647
A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including...
CVE-2024-48647
CVE-2024-48647 — Sage 1000 v7.0.0 : A Local File Disclosure vulnerability exists where an attacker can retrieve arbitrary files from the server by manipulating URL parameters. Public documentation confirms this impacts Sage 1000 version 7.0.0 and enables access to sensitive files such as configur...
CVE-2024-5823
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior...
CVE-2024-5823 File Overwrite Vulnerability in gaizhenbiao/chuanhuchatgpt
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior...
CVE-2024-5823
A CVE-2024-5823 entry concerns a file overwrite vulnerability in gaizhenbiao/chuanhuchatgpt versions <= 20240410. The root cause: an insecure file handling path enables an attacker to overwrite critical configuration files, which can lead to unauthorized changes in system behavior or security ...
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2024-2731)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.12.1 : c-ares (EulerOS-SA-2024-2748)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.con...
EulerOS Virtualization 2.12.0 : c-ares (EulerOS-SA-2024-2766)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files such as /etc/resolv.con...
CVE-2024-49359
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http://<Server-IP>/v2_1/file in ZimaOS is vulnerable to a directory traversal attack, allowing authenticated users to list the contents of any directory on...
CVE-2024-49359 ZimaOS vulnerable to Directory Listing via Parameter Manipulation
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http://<Server-IP>/v2_1/file in ZimaOS is vulnerable to a directory traversal attack, allowing authenticated users to list the contents of any directory on...
CVE-2024-49359
CVE-2024-49359 affects ZimaOS (fork of CasaOS) prior to or including version 1.2.4. The vulnerability is a directory traversal in the API endpoint /v2_1/file, exploitable by an authenticated user who can manipulate the path parameter to list arbitrary directories (e.g., /etc) on the server. The r...
CVE-2024-47575
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4,...
GHSA-R9MQ-3C9R-FMJQ Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Description. Path traversal: This vulnerability allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the...