Search Results (26983 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-5982 1 Gaizhenbiao 2 Chuanhuchatgpt, Gaizhenbiao\/chuanhuchatgpt 2024-11-14 9.1 Critical
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. Additionally, the load_template function in utils.py can be exploited to leak the first column of CSV files. These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join.
CVE-2024-46890 2 Seimens, Siemens 2 Sinec Ins, Sinec Ins 2024-11-13 9.1 Critical
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS.
CVE-2024-46888 2 Seimens, Siemens 2 Sinec Ins, Sinec Ins 2024-11-13 9.9 Critical
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device.
CVE-2024-45764 1 Dell 2 Enterprise Sonic Distribution, Enterprise Sonic Os 2024-11-13 9 Critical
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2024-45765 1 Dell 2 Enterprise Sonic Distribution, Enterprise Sonic Os 2024-11-13 9.1 Critical
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2024-45763 1 Dell 1 Enterprise Sonic Distribution 2024-11-13 9.1 Critical
Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2024-47830 1 Plane 1 Plane 2024-11-12 9.3 Critical
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server side into performing requests to unintended locations. This vulnerability is fixed in 0.23.0.
CVE-2024-47074 1 Dataease 1 Dataease 2024-11-12 9.8 Critical
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, PgConfiguration class don't filter any parameters, directly concat user input. So, if the attacker adds some parameters in JDBC url, and connect to evil PG server, the attacker can trigger the PG jdbc deserialization vulnerability, and eventually the attacker can execute through the deserialization vulnerability system commands and obtain server privileges. The vulnerability has been fixed in v1.18.25.
CVE-2024-51748 1 Kanboard 1 Kanboard 2024-11-12 9.1 Critical
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting `application_language` in the `settings` table. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, has control over the filepath, which is loaded. Exploiting this vulnerability has one constraint: the attacker must be able to place a file (called translations.php) on the system. However, this is not impossible, think of anonymous FTP server or another application that allows uploading files. Once the attacker has placed its file with the actual php code as the payload, the attacker can craft a sqlite db settings, which uses path traversal to point to the directory, where the `translations.php` file is stored. Then gaining code execution after importing the crafted sqlite.db. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-51747 1 Kanboard 1 Kanboard 2024-11-12 9.1 Critical
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, can set arbitrary file links, by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-10915 1 Dlink 8 Dns-320, Dns-320 Firmware, Dns-320lw and 5 more 2024-11-08 8.1 High
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument group leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
CVE-2023-29125 2 Enel X, Enelx 3 Juicebox Pro3.0 22kw Cellular, Waybox Pro, Waybox Pro Firmware 2024-11-08 9 Critical
A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700.
CVE-2023-29121 2 Enel X, Enelx 3 Juicebox Pro3.0 22kw Cellular, Waybox Pro, Waybox Pro Firmware 2024-11-08 9.6 Critical
Waybox Enel TCF Agent service could be used to get administrator’s privileges over the Waybox system.
CVE-2023-29120 2 Enel X, Enelx 3 Juicebox Pro3.0 22kw Cellular, Waybox Pro, Waybox Pro Firmware 2024-11-08 9.6 Critical
Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system.
CVE-2023-29119 2 Enel X, Enelx 3 Juicebox Pro3.0 22kw Cellular, Waybox Pro, Waybox Pro Firmware 2024-11-08 9.6 Critical
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/dbstore.php.
CVE-2023-29118 2 Enel X, Enelx 3 Juicebox Pro3.0 22kw Cellular, Waybox Pro, Waybox Pro Firmware 2024-11-08 9.6 Critical
Waybox Enel X web management application could execute arbitrary requests on the internal database via /admin/versions.php.
CVE-2024-51558 2 63moons, Brokeragetechnologysolutions 3 Aero, Wave 2.0, Wave 2.0 2024-11-08 9.8 Critical
This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user OTP, MPIN or password, which could lead to gain unauthorized access and compromise other user accounts.
CVE-2024-49768 3 Agendaless, Pylons, Redhat 4 Waitress, Waitress, Openshift Ironic and 1 more 2024-11-07 9.1 Critical
Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. Waitress 3.0.1 fixes the race condition. As a workaround, disable channel_request_lookahead, this is set to 0 by default disabling this feature.
CVE-2024-51136 1 Openimaj 1 Openimaj 2024-11-06 9.8 Critical
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file.
CVE-2024-49368 1 Nginxui 1 Nginx Ui 2024-11-06 9.8 Critical
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue.