Lucene search
K

67 matches found

Tenable Nessus
Tenable Nessus
added 2024/11/19 12:0 a.m.9 views

RockyLinux 9 : bubblewrap and flatpak (RLSA-2024:9449)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9449 advisory. flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 Tenable has extracted the preceding description block directly from t...

10CVSS8AI score0.01283EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/17 12:0 a.m.6 views

VMware Spring Framework 安全漏洞

VMware Spring Framework is a set of open source Java, JavaEE application frameworks from VMware. The framework helps developers build high-quality applications. A security vulnerability exists in VMware Spring Framework. An attacker can exploit the vulnerability to read files outside of the servi...

7.5CVSS6.1AI score0.54862EPSS
Exploits6References6
RedHat Linux
RedHat Linux
added 2024/07/23 1:19 p.m.5 views

qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.1AI score0.00333EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/07/08 2:38 p.m.3 views

qemu-kvm: 'qemu-img info' leads to host file read/write

A flaw was found in the QEMU disk image utility qemu-img 'info' command. A specially crafted image file containing a json: value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write ...

7.8CVSS7.1AI score0.00333EPSS
Exploits0References4
CNVD
CNVD
added 2024/07/05 12:0 a.m.5 views

QEMU Resource Management Error Vulnerability (CNVD-2024-31523)

QEMU Quick Emulator is a set of simulation processor software. The software is fast and cross-platform. A resource management error vulnerability exists in QEMU. The vulnerability stems from the presence of uncontrolled resource consumption by the application, which can be exploited by an attacke...

7.8CVSS6.4AI score0.00333EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/06/24 12:0 a.m.7 views

The vulnerability of the microprogramming software of Schneider Electric’s programmable logic controller Modicon M340 and its network modules, Modicon M340 BMXNOE0100, Modicon M340 BMXNOE0110, stems from the use of files and directories accessible to external parties. This allows attackers to disrupt the device’s firmware updates and cause improper operation of the web server.

The vulnerability of the microprogramming software of Schneider Electric’s programmable logic controller Modicon M340, as well as its network modules Modicon M340 BMXNOE0100 and Modicon M340 BMXNOE0110, stems from the use of files and directories accessible to external parties. Exploiting this...

6.5CVSS5.4AI score0.00348EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/23 12:0 a.m.6 views

Backstage Security Vulnerabilities

Backstage is a software application. Backstage is an open platform for building developer portals. A security vulnerability exists in Backstage backend-common, which stems from insufficiently detailed path checking using "resolveSafeChildPath". The vulnerability can be exploited to access files a...

8.7CVSS6.7AI score0.00801EPSS
Exploits0References5
OSV
OSV
added 2024/01/29 9:15 p.m.5 views

CVE-2023-4550

Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. Thi...

7.5CVSS5.9AI score0.00468EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/18 12:0 a.m.6 views

jupyterlab-lsp Security Vulnerabilities

jupyterlab-lsp is a tool that provides coding help for JupyterLab using the Language Server protocol. A security vulnerability exists in jupyterlab-lsp 2.2.1 and earlier versions, which stems from a lack of authentication of the jupyter-lsp server extension endpoint, allowing an attacker to acces...

9.8CVSS7AI score0.00491EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/12/11 12:0 a.m.7 views

The vulnerability of the Apache Struts software platform, related to the use of files and directories accessible from external parties, allows a hacker to execute arbitrary code.

The vulnerability of the Apache Struts software platform is related to the use of files and directories accessible from external parties due to incorrect restrictions on the path to the restricted directory during file loading. Exploiting this vulnerability allows a remote attacker to execute...

10CVSS8.4AI score0.80819EPSS
Exploits15References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/11 12:0 a.m.5 views

The vulnerability of NVIDIA Virtual GPU driver relates to the use of files and directories accessible from external parties. This allows attackers to gain unauthorized access to protected information, enhance their privileges, execute arbitrary code, or cause service interruptions.

The vulnerability of NVIDIA Virtual GPU driver relates to the use of files and directories accessible from external parties. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information, enhance their privileges, execute arbitrary code, or cause service...

7.8CVSS7.5AI score0.00194EPSS
Exploits0References3Affected Software16
BDU FSTEC
BDU FSTEC
added 2023/09/13 12:0 a.m.8 views

The vulnerability of the CMPapp component in CODESYS software products allows a hacker to load arbitrary files into the system.

The vulnerability of the CMPapp component in CODESYS software products is related to the use of files and directories accessible from external parties. Exploiting this vulnerability allows a malicious actor to upload arbitrary files into the system remotely...

6.8CVSS6.6AI score0.00412EPSS
Exploits0References4Affected Software16
CNNVD
CNNVD
added 2023/04/27 12:0 a.m.6 views

Mlflow 安全漏洞

Mlflow is an open source platform for machine learning lifecycles. A security vulnerability exists in Mlflow versions prior to 2.3.1. An attacker exploiting this vulnerability could access files and directories stored outside of the web root folder...

10CVSS8.2AI score0.04153EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/01/08 12:0 a.m.6 views

maps-js-icoads 路径遍历漏洞

maps-js-icoads is a spatio-temporal data visualization of ships and buoys by the individual developer Paul R. Saxman. A path traversal vulnerability exists in maps-js-icoads. An attacker exploiting this vulnerability could access files and directories stored outside of the web root folder...

5.5CVSS5.7AI score0.00646EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/19 12:0 a.m.2 views

IBM Spectrum Scale 路径遍历漏洞

IBM Spectrum Scale is a suite of scalable data and file management solutions from International Business Machines IBM based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping customers reduce storage costs while improvin...

6.8CVSS6.6AI score0.00924EPSS
Exploits0References3
OSV
OSV
added 2022/12/05 9:15 p.m.3 views

UBUNTU-CVE-2022-42706

An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal...

4.9CVSS5.8AI score0.01094EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/11/14 8:15 a.m.1 views

CVE-2022-45184

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafte...

7.2CVSS7.2AI score0.01911EPSS
Exploits0References4
OSV
OSV
added 2022/09/28 2:15 p.m.4 views

UBUNTU-CVE-2022-39261

Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the source or include statement to read arbitrary files from outsi...

7.5CVSS7.2AI score0.01488EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.4 views

3S-Smart Software Solutions CODESYS V3 web server 安全漏洞

3s-smart Software Solutions 3S-Smart Software Solutions CODESYS V3 web server is a web server from 3S-Smart Software Solutions Germany that is used in the CODESYS product. 3S-Smart Software Solutions CODESYS V3 web server is a web server used by 3S-Smart Software Solutions 3s-smart Software...

7.5CVSS7.7AI score0.01014EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/06/15 12:0 a.m.7 views

The vulnerability of the command-line interface of the programmatically defined Cisco SD-WAN network allows a hacker to re-write any files they desire.

The vulnerability of the command-line interface of the programmatically defined Cisco SD-WAN network relates to the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a attacker to overwrite arbitrary files...

4.9CVSS5.6AI score0.00229EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder