
2857 matches found

RedhatCVE
added 2024/08/09 2:16 a.m. · 30 views

CVE-2024-42365

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. Thi...

8.8 CVSS · 8 AI score · 0.3195 EPSS
Exploits 4 · References 11
OSV
added 2024/08/08 5:15 p.m. · 0 views

ALPINE-CVE-2024-42365

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. Thi...

8.8 CVSS · 8.3 AI score · 0.3195 EPSS
Exploits 4 · References 1
UbuntuCve
added 2024/08/08 5:15 p.m. · 15 views

CVE-2024-42365

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. Thi...

8.8 CVSS · 7.8 AI score · 0.3195 EPSS
Exploits 4 · References 12
CVE
added 2024/08/08 4:29 p.m. · 133 views

CVE-2024-42365

CVE-2024-42365 affects Asterisk prior to 18.24.2, 20.9.2, and 21.4.2 (and their certified-asterisk variants 18.9-cert11 and 20.7-cert2). An AMI user with write=originate can curl remote files and write them to disk, and can also append to existing files via the FILE function inside the SET applic...

8.8 CVSS · 7.9 AI score · 0.3195 EPSS
Exploits 4 · References 9 · Affected Software 1
Debian CVE
added 2024/08/08 4:29 p.m. · 17 views

CVE-2024-42365

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. Thi...

8.8 CVSS · 8.8 AI score · 0.3195 EPSS
Exploits 4
AlpineLinux
added 2024/08/08 4:29 p.m. · 43 views

CVE-2024-42365

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. Thi...

8.8 CVSS · 8.3 AI score · 0.3195 EPSS
Exploits 4
Cvelist
added 2024/08/08 4:29 p.m. · 22 views

CVE-2024-42365 Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. Thi...

7.4 CVSS · 0.3195 EPSS
Exploits 4 · References 8
Vulnrichment
added 2024/08/08 4:29 p.m. · 22 views

CVE-2024-42365 Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan

Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. Thi...

7.4 CVSS · 8 AI score · 0.3195 EPSS
Exploits 4 · References 8
Positive Technologies
added 2024/08/07 12:00 a.m. · 2 views

PT-2024-7783 · D Link · D-Link Dir-823G

Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G version 1.0.2B05 20181207 Description: The issue is related to insufficient protection of service data, allowing unauthorized configuration file downloads. These configuration files contain plaintext user passwords, which can ...

7.8 CVSS · 6.9 AI score · 0.00423 EPSS
Exploits 1 · References 8
SUSE CVE
added 2024/08/06 2:00 a.m. · 4 views

SUSE CVE-2024-41817

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution b...

7.8 CVSS · 8.1 AI score · 0.18593 EPSS
Exploits 2 · References 3
OSV
added 2024/07/31 1:15 a.m. · 14 views

CVE-2024-6255

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and dsconfigchatbot.json. This issue arises due to improper validation of file paths, enabling...

9.1 CVSS · 9.2 AI score
Exploits 0 · References 1
PyPA
added 2024/07/31 1:15 a.m. · 5 views

PYSEC-2024-73

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and dsconfigchatbot.json. This issue arises due to improper validation of file paths, enabling...

9.1 CVSS · 6.9 AI score · 0.06602 EPSS
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2024/07/31 12:00 a.m. · 16 views

CVE-2024-6255 Path Traversal in gaizhenbiao/chuanhuchatgpt

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and dsconfigchatbot.json. This issue arises due to improper validation of file paths, enabling...

8.2 CVSS · 8.9 AI score · 0.06602 EPSS
Exploits 1 · References 1
Cvelist
added 2024/07/31 12:00 a.m. · 21 views

CVE-2024-6255 Path Traversal in gaizhenbiao/chuanhuchatgpt

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and dsconfigchatbot.json. This issue arises due to improper validation of file paths, enabling...

8.2 CVSS · 0.06602 EPSS
Exploits 1 · References 1
Tenable Nessus
added 2024/07/31 12:00 a.m. · 8 views

SUSE SLES15 / openSUSE 15 Security Update : kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (SUSE-SU-2024:2639-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2639-1 advisory. - Update to version 1.2.2 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.2 Release notes...

5.6 AI score
Exploits 0 · References 1
Positive Technologies
added 2024/07/30 12:00 a.m. · 2 views

PT-2024-41003 · Kubevirt · Kubevirt

Name of the Vulnerable Software and Affected Versions: kubevirt versions prior to 1.2.2 Description: The issue is related to kubevirt and its associated containers, including virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container,...

7.2 AI score
Exploits 0 · References 2
AlpineLinux
added 2024/07/29 3:53 p.m. · 32 views

CVE-2024-41817

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution b...

7.8 CVSS · 7.7 AI score · 0.18593 EPSS
Exploits 2 · References 3
RedHat Linux
added 2024/07/23 8:38 a.m. · 5 views

c-ares: Out of bounds read in ares__read_line()

A vulnerability was found in c-ares where the `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.22.0, the `/etc/hosts` file. If the configuration files have an embedded NULL character ...

5.5 CVSS · 6.8 AI score · 0.00055 EPSS
Exploits 0 · References 5
NVD
added 2024/07/23 2:15 a.m. · 23 views

CVE-2024-1575

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70ACGG.3 and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device...

6.5 CVSS · 0.00262 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/07/23 1:39 a.m. · 21 views

CVE-2024-1575

The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70ACGG.3 and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device...

6.5 CVSS · 7.1 AI score · 0.00262 EPSS
Exploits 0 · References 1