6 matches found
EUVD-2024-2477
Malicious code in bioql PyPI...
CVE-2024-42470
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to...
CVE-2024-42469
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal...
PT-2024-29967 · Openhab · Cometvisu Add-On +1
Name of the Vulnerable Software and Affected Versions: openHAB CometVisu add-on versions prior to 4.2.1 Description: The issue affects several endpoints in the CometVisu add-on of openHAB that do not require authentication, allowing unauthenticated attackers to modify or steal sensitive data. Thi...
PT-2024-29965 · Openhab +1 · Openhab +1
Name of the Vulnerable Software and Affected Versions: openHAB versions prior to 4.2.1 Description: The issue concerns the CometVisu add-on of openHAB, which has file system endpoints that do not require authentication. Additionally, the endpoint to update an existing file is susceptible to path...
PT-2024-29963 · Openhab · Openhab +1
Name of the Vulnerable Software and Affected Versions: openHAB's CometVisu add-on versions prior to 4.2.1 Description: The proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication, allowing for Server-Side Request Forgery SSRF and Cross-Site Scripting XSS vulnerabilitie...