CVE-2024-42183

LOW Year: 2024
CVSS v3 Score
2.5
Low
Weakness Type
CWE-494
View all →

Vulnerability Description

BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls.

Related Vulnerabilities

CVE-2017-2739

LOW
CVSS:3.1(Low)

The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to im...

CWE-4942017

CVE-2023-29401

MEDIUM
CVSS:4.3(Medium)

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename ...

CWE-4942023

CVE-2024-33660

MEDIUM
CVSS:4.3(Medium)

An exploit is possible where an actor with physical access can manipulate SPI flash without being detected.

CWE-4942024

CVE-2001-1125

CRITICAL
CVSS:9.8(Critical)

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com ...

CWE-4942001

CVE-2002-0671

CRITICAL
CVSS:9.8(Critical)

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attacker...

CWE-4942002

CVE-2016-6567

CRITICAL
CVSS:9.8(Critical)

SHDesigns' Resident Download Manager provides firmware update capabilities for Rabbit 2000/3000 CPU boards, which according to the reporter may be used in some industrial control and embedded applicat...

CWE-4942016