41 matches found
EUVD-2024-2625
Malicious code in bioql PyPI...
EUVD-2024-2477
Malicious code in bioql PyPI...
CVE-2024-42470
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to...
CVE-2024-42467
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forger...
CVE-2024-42469
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal...
FreeBSD : OpenHAB CometVisu addon -- Multiple vulnerabilities (587ed8ac-5957-11ef-854a-001e676bf734)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 587ed8ac-5957-11ef-854a-001e676bf734 advisory. OpenHAB reports: This patch release addresses the following security advisories: All of these are relat...
CVE-2024-42468
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the...
openHAB security vulnerability
openHAB is an open source home automation application from openHAB. A security vulnerability exists in versions of openHAB prior to 4.2.1 that stems from the vulnerability of the endpoint used by the CometVisu component to update existing files to path traversal, allowing an attacker to overwrite...
openHAB security vulnerability
openHAB is an open source home automation application from openHAB. A security vulnerability exists in openHAB versions prior to 4.2.1, which stems from the vulnerability of the CometVisu component to an unauthenticated path traversal attack, where an HTTP GET on the component can request a local...
GHSA-PCWP-26PW-J98W CometVisu Backend for openHAB has a path traversal vulnerability
openHAB's CometVisuServlet is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This vulnerability was discovered with the help of CodeQL's Uncontrolled data used in path expression query. Impact This...
CometVisu Backend for openHAB has a path traversal vulnerability
openHAB's CometVisuServlet is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This vulnerability was discovered with the help of CodeQL's Uncontrolled data used in path expression query. Impact This...
GHSA-F729-58X4-GQGF CometVisu Backend for openHAB affected by RCE through path traversal
CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is...
CometVisu Backend for openHAB affected by RCE through path traversal
CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. This makes it possible for an attacker to overwrite existing files on the openHAB instance. If the overwritten file is a shell script that is...
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
Several endpoints in the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to steal sensitive data. Impact This issue may lead to sensitive Information Disclosure...
GHSA-3G4C-HJHR-73RJ CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
Several endpoints in the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to steal sensitive data. Impact This issue may lead to sensitive Information Disclosure...
GHSA-V7GR-MQPJ-WWH3 CometVisu Backend for openHAB affected by SSRF/XSS
The proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forgery SSRF to induce GET HTTP requests to internal-only servers, in case openHAB is exposed in a non-private network. Furthermore, this proxy-featu...
CometVisu Backend for openHAB affected by SSRF/XSS
The proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forgery SSRF to induce GET HTTP requests to internal-only servers, in case openHAB is exposed in a non-private network. Furthermore, this proxy-featu...