2043 matches found
CVE-2021-30497
Ivanti Avalanche Premise 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive...
CVE-2021-30497
Ivanti Avalanche 6.3.2 on Premise is affected by CVE-2021-30497: a Local/File Inclusion/Absolute Path Traversal flaw in the /AvalancheWeb/image endpoint allows remote, unauthenticated users to read arbitrary files (e.g., C:\Windows\system32\config\system.sav) due to imageFilePath not being valida...
Updated nodejs-tar packages fix security vulnerability
Untrusted tar file to symlink into an arbitrary location allowing file overwrites. CVE-2021-37712 Arbitrary file creation/overwrite and arbitrary code execution. CVE-2021-37701 Arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. CVE-2021-32803 Arbitrary File...
CVE-2022-25216
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player recently renamed PlayerFab has read-access, by means of an HTTP GET request to http://:32080/download/...
CVE-2022-25216
DVDFab 12 Player/PlayerFab is affected by a local file inclusion (absolute path traversal) via HTTP GET to /download/. The issue allows remote attackers to download any file on the Windows filesystem readable by the running user. Root cause: traversal of local paths in the download endpoint. Affe...
openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2022:0715-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0715-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and...
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2022:0704-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0704-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, a...
SUSE-SU-2022:0715-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe bsc1192153. - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite bsc1191963. - CVE-2021-32804: Fixed...
Security update for nodejs14 (important)
openSUSE Security Update: Security update for nodejs14 Announcement ID: openSUSE-SU-2022:0715-1 Rating: important References: 1191962 1191963 1192153 1192154 1192696 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores: CVE-2021-23343 NVD : 7.5...
Security update for nodejs8 (important)
openSUSE Security Update: Security update for nodejs8 Announcement ID: openSUSE-SU-22022:20000-2 Rating: important References: 1038980 1191962 1191963 1192153 1192154 1192696 Cross-References: CVE-2017-8923 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores:...
openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2022:0657-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2022:0657-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0657-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, a...
openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2022:0657-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0657-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and...
SUSE: Security Advisory (SUSE-SU-2022:0657-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2022:0563-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0563-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, a...
Security advisory: QProcess
Recently, the Qt Project's security team was made aware of an issue regarding QProcess and determined it to be a security issue on Unix-based platforms only. We do not believe this to be a considerable risk for applications as the likelihood of it being triggered is minimal. Specifically, the...
WinRAR Absolute Path Traversal Vulnerability
WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution...