
8 matches found

RedhatCVE
added 2025/02/05 2:16 a.m. | 6 views

CVE-2024-24765

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

9.8 CVSS | 6.9 AI score | 0.00971 EPSS
Exploits: 1 | References: 1

NVD
added 2024/03/06 6:15 p.m. | 30 views

CVE-2024-24765

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

9.8 CVSS | 7.5 AI score | 0.00971 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2024/03/06 5:31 p.m. | 13 views

CVE-2024-24765 CasaOS-UserService allows unauthorized access to any file

CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user...

7.5 CVSS | 7.2 AI score | 0.00971 EPSS
Exploits: 1 | References: 3

GitLab Advisory Database
added 2024/03/06 12:0 a.m. | 76 views

CasaOS-UserService allows unauthorized access to any file

Summary: http://demo.casaos.io/v1/users/image?path=/var/lib/casaos/1/avatar.png Originally it was to get the URL of the user's avatar, but the path filtering was not strict, making it possible to get any file on the system. Details: Construct paths to get any file. Such as the CasaOS user database,...

9.8 CVSS | 6.8 AI score | 0.00971 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

CNVD
added 2021/06/22 12:0 a.m. | 1 views

Tencent Classroom Has Janus Android Signature Vulnerability

Tencent Classroom is a professional online education platform launched by Tencent. Tencent Classroom has a Janus Android signature vulnerability, which can be exploited by an attacker to obtain system root privileges...

7 AI score
Exploits: 0

CNVD
added 2021/06/22 12:0 a.m. | 2 views

WeChat Phonebook suffers from Janus Android signature vulnerability

WeChat Phonebook is an intelligent communication enhancement software created by Tencent. WeChat Phonebook suffers from a Janus Android signature vulnerability. Attackers can use the vulnerability to obtain system root privileges...

7 AI score
Exploits: 0

CNVD
added 2021/02/05 12:0 a.m. | 2 views

Binary Vulnerability in Cisco rv130w

Cisco is a leading global provider of networking solutions. A binary vulnerability exists in Cisco rv130w, which could allow an authenticated attacker to gain system root privileges by constructing a ROP chain...

7.3 AI score
Exploits: 0

NVD
added 1999/11/01 5:0 a.m. | 19 views

CVE-1999-1517

runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar...

7.2 CVSS | 6.5 AI score | 0.00478 EPSS
Exploits: 1 | References: 2