Lucene search
K

60 matches found

Cvelist
Cvelist
added 2024/08/09 6:2 p.m.35 views

CVE-2024-42470 CometVisu Backend for openHAB has a sensitive information disclosure vulnerability

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to...

6.5CVSS0.00523EPSS
Exploits0References2
CVE
CVE
added 2024/08/09 6:2 p.m.48 views

CVE-2024-42470

CVE-2024-42470 describes a vulnerability in the CometVisu add-on for openHAB. Several endpoints in versions prior to 4.2.1 do not require authentication, enabling unauthenticated attackers to modify or exfiltrate sensitive data, with the impact described as possible sensitive information disclosu...

9.1CVSS6.2AI score0.00523EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/09 12:0 a.m.6 views

PT-2024-29967 · Openhab · Cometvisu Add-On +1

Name of the Vulnerable Software and Affected Versions: openHAB CometVisu add-on versions prior to 4.2.1 Description: The issue affects several endpoints in the CometVisu add-on of openHAB that do not require authentication, allowing unauthenticated attackers to modify or steal sensitive data. Thi...

9.1CVSS6.8AI score0.00523EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/08/09 12:0 a.m.3 views

PT-2024-29965 · Openhab +1 · Openhab +1

Name of the Vulnerable Software and Affected Versions: openHAB versions prior to 4.2.1 Description: The issue concerns the CometVisu add-on of openHAB, which has file system endpoints that do not require authentication. Additionally, the endpoint to update an existing file is susceptible to path...

9.8CVSS8.1AI score0.01211EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/08/09 12:0 a.m.5 views

PT-2024-29963 · Openhab · Openhab +1

Name of the Vulnerable Software and Affected Versions: openHAB's CometVisu add-on versions prior to 4.2.1 Description: The proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication, allowing for Server-Side Request Forgery SSRF and Cross-Site Scripting XSS vulnerabilitie...

10CVSS7.2AI score0.01035EPSS
Exploits0References13
FreeBSD
FreeBSD
added 2024/08/09 12:0 a.m.6 views

OpenHAB CometVisu addon -- Multiple vulnerabilities

OpenHAB reports: This patch release addresses the following security advisories: SSRF/XSS CometVisu - GHSA-v7gr-mqpj-wwh3 Sensitive information disclosure CometVisu - GHSA-3g4c-hjhr-73rj RCE through path traversal CometVisu - GHSA-f729-58x4-gqgf Path traversal CometVisu - GHSA-pcwp-26pw-j98w All ...

6.9AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/03/18 12:0 a.m.228 views

FreeBSD : openhab -- log4j remote code injection (93a1c9a7-5bef-11ec-a47a-001517a2e1a4)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 93a1c9a7-5bef-11ec-a47a-001517a2e1a4 advisory. - Apache Log4j2 2.10 this behavior can be mitigated by setting system property log4j2.formatMsgNoLookup...

10CVSS8.2AI score0.99999EPSS
Exploits351References5
FreeBSD
FreeBSD
added 2021/12/10 12:0 a.m.134 views

openhab -- log4j remote code injection

Openhab reports: Any openHAB instance that is publicly available or which consumes untrusted content from remote servers is potentially a target of this attack...

10CVSS3.9AI score0.99999EPSS
Exploits351References3
OSV
OSV
added 2021/02/01 3:15 p.m.13 views

CVE-2021-21266

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

5CVSS6.9AI score
Exploits0References4
NVD
NVD
added 2021/02/01 3:15 p.m.19 views

CVE-2021-21266

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

6.4CVSS6.7AI score0.011EPSS
Exploits0References4
Prion
Prion
added 2021/02/01 3:15 p.m.20 views

Xxe

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

4CVSS5.4AI score0.011EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/02/01 2:40 p.m.46 views

CVE-2021-21266

openHAB versions prior to 2.5.12 and 3.0.1 are affected by an XML external entity (XXE) vulnerability that allows network-local attackers to read files from the file system via XML parsing, with potentially malicious responses to SSDP requests. The issue arises in SAX/JAXB-based XML processing ac...

6.4CVSS5.6AI score0.011EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/02/01 2:40 p.m.28 views

CVE-2021-21266 XXE vulnerability in OpenHAB

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

6.4CVSS6.8AI score0.011EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/02/01 12:0 a.m.9 views

openHAB Code Issues Vulnerabilities

A security vulnerability exists in openHAB before versions 2.5.12 and 3.0.1, which can be exploited by an attacker to retrieve internal information from the file system...

6.4CVSS5.9AI score0.011EPSS
Exploits0References5
CNVD
CNVD
added 2020/02/23 12:0 a.m.2 views

openHAB Access Control Error Vulnerability

openHAB is known as open Home Automation Bus, which is a project that aims to provide a common integration platform for home automation building An Access Control Error vulnerability exists in versions prior to openHAB 2.5.2. The vulnerability stems from a network system or product not properly...

9.3CVSS6.9AI score0.01973EPSS
Exploits0References1
OSV
OSV
added 2020/02/20 11:15 p.m.13 views

CVE-2020-5242

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...

8.8CVSS7.6AI score
Exploits0References2
NVD
NVD
added 2020/02/20 11:15 p.m.14 views

CVE-2020-5242

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...

9.3CVSS8.2AI score0.01973EPSS
Exploits0References2
Prion
Prion
added 2020/02/20 11:15 p.m.17 views

Design/Logic Flaw

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...

9.3CVSS8.8AI score0.01973EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/02/20 10:55 p.m.13 views

CVE-2020-5242 openHAB exec add-ons allow remote arbitrary command execution

openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...

7.7CVSS8.9AI score0.01973EPSS
Exploits0References2
CVE
CVE
added 2020/02/20 10:55 p.m.94 views

CVE-2020-5242

openHAB prior to 2.5.2 is affected. A remote attacker can use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands with the privileges of the openHAB user. The root cause is lack of proper enforcement of command installation via REST until 2.5.2. Fi...

9.3CVSS8.5AI score0.01973EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder