60 matches found
CVE-2024-42470 CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to...
CVE-2024-42470
CVE-2024-42470 describes a vulnerability in the CometVisu add-on for openHAB. Several endpoints in versions prior to 4.2.1 do not require authentication, enabling unauthenticated attackers to modify or exfiltrate sensitive data, with the impact described as possible sensitive information disclosu...
PT-2024-29967 · Openhab · Cometvisu Add-On +1
Name of the Vulnerable Software and Affected Versions: openHAB CometVisu add-on versions prior to 4.2.1 Description: The issue affects several endpoints in the CometVisu add-on of openHAB that do not require authentication, allowing unauthenticated attackers to modify or steal sensitive data. Thi...
PT-2024-29965 · Openhab +1 · Openhab +1
Name of the Vulnerable Software and Affected Versions: openHAB versions prior to 4.2.1 Description: The issue concerns the CometVisu add-on of openHAB, which has file system endpoints that do not require authentication. Additionally, the endpoint to update an existing file is susceptible to path...
PT-2024-29963 · Openhab · Openhab +1
Name of the Vulnerable Software and Affected Versions: openHAB's CometVisu add-on versions prior to 4.2.1 Description: The proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication, allowing for Server-Side Request Forgery SSRF and Cross-Site Scripting XSS vulnerabilitie...
OpenHAB CometVisu addon -- Multiple vulnerabilities
OpenHAB reports: This patch release addresses the following security advisories: SSRF/XSS CometVisu - GHSA-v7gr-mqpj-wwh3 Sensitive information disclosure CometVisu - GHSA-3g4c-hjhr-73rj RCE through path traversal CometVisu - GHSA-f729-58x4-gqgf Path traversal CometVisu - GHSA-pcwp-26pw-j98w All ...
FreeBSD : openhab -- log4j remote code injection (93a1c9a7-5bef-11ec-a47a-001517a2e1a4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 93a1c9a7-5bef-11ec-a47a-001517a2e1a4 advisory. - Apache Log4j2 2.10 this behavior can be mitigated by setting system property log4j2.formatMsgNoLookup...
openhab -- log4j remote code injection
Openhab reports: Any openHAB instance that is publicly available or which consumes untrusted content from remote servers is potentially a target of this attack...
CVE-2021-21266
openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...
CVE-2021-21266
openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...
Xxe
openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...
CVE-2021-21266
openHAB versions prior to 2.5.12 and 3.0.1 are affected by an XML external entity (XXE) vulnerability that allows network-local attackers to read files from the file system via XML parsing, with potentially malicious responses to SSDP requests. The issue arises in SAX/JAXB-based XML processing ac...
CVE-2021-21266 XXE vulnerability in OpenHAB
openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1 the XML external entity XXE attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...
openHAB Code Issues Vulnerabilities
A security vulnerability exists in openHAB before versions 2.5.12 and 3.0.1, which can be exploited by an attacker to retrieve internal information from the file system...
openHAB Access Control Error Vulnerability
openHAB is known as open Home Automation Bus, which is a project that aims to provide a common integration platform for home automation building An Access Control Error vulnerability exists in versions prior to openHAB 2.5.2. The vulnerability stems from a network system or product not properly...
CVE-2020-5242
openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...
CVE-2020-5242
openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...
Design/Logic Flaw
openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...
CVE-2020-5242 openHAB exec add-ons allow remote arbitrary command execution
openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...
CVE-2020-5242
openHAB prior to 2.5.2 is affected. A remote attacker can use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands with the privileges of the openHAB user. The root cause is lack of proper enforcement of command installation via REST until 2.5.2. Fi...