
132 matches found

OSV
added 2023/08/11 8:15 a.m. · 11 views

PYSEC-2023-136

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...

CVSS 7.5 · AI score 6.6 · EPSS 0.01776
Exploits 0 · References 3
Vulnrichment
added 2023/05/18 5:55 p.m. · 10 views

CVE-2022-36328 Path Traversal Vulnerability leading to an arbitrary file read in Western Digital devices

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, M...

CVSS 5.8 · AI score 7.3 · EPSS 0.00767
Exploits 0 · References 2
Hacker One
added 2023/04/29 10:18 p.m. · 68 views

Node.js: fs.openAsBlob() bypasses permission system

The fs.openAsBlob method in Node.js, when used with the --experimental-permission flag, allowed bypassing the permission system and reading files without the required permissions...

CVSS 7.5 · AI score 6 · EPSS 0.00722
Exploits 0
BDU FSTEC
added 2023/04/25 12:00 a.m. · 5 views

The vulnerability of the ClamAV antivirus program lies in the improper restriction of recursive references to objects in the DTDS, which allows a hacker to gain access to confidential information.

The vulnerability in the ClamAV scanning library relates to the possibility of replacing the XML payload, which may lead to the insertion of an external payload. Exploiting this vulnerability allows a malicious actor to send specially created XML code to the antivirus software and to read bytes...

CVSS 5.3 · AI score 7.3 · EPSS 0.06675
Exploits 5 · References 4 · Affected Software 4
Positive Technologies
added 2023/03/15 12:00 a.m. · 8 views

PT-2023-20030 · Swig +1

Name of the Vulnerable Software and Affected Versions: swig-templates versions 2.0.4 and earlier; swig versions 1.4.2 and earlier. Description: A directory traversal issue allows attackers to read arbitrary files via the include or extends tags. This can be exploited by attackers to access sensitiv...

CVSS 7.5 · AI score 7.1 · EPSS 0.01042
Exploits 1 · References 8
CNNVD
added 2022/10/18 12:00 a.m. · 9 views

LavaLite path traversal vulnerability

LavaLite is an open source lightweight content management system CMS. A path traversal vulnerability exists in LavaLite version 9.0.0, which stems from the vulnerability of its SRF-TOKEN cookie to path traversal attacks, allowing read access to arbitrary files on the server...

CVSS 7.5 · AI score 7.4 · EPSS 0.00935
Exploits 1 · References 2
CNVD
added 2022/10/13 12:00 a.m. · 21 views

Information leakage vulnerability of multiple Siemens products

Siemens Desigo PX is a building automation control system from Siemens, a German company. The information disclosure vulnerability in several Siemens products stems from the fact that the endpoint of the "Operation" web application that interprets and executes Axon language queries allows file re...

AI score 3.8 · EPSS 0.0081
Exploits 0
NVD
added 2022/10/11 11:15 a.m. · 18 views

CVE-2022-40177

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

CVSS 5.7 · EPSS 0.0081
Exploits 0 · References 1
Cvelist
added 2022/10/11 12:00 a.m. · 23 views

CVE-2022-40177

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

AI score 5.7 · EPSS 0.0081
Exploits 0 · References 1
CVE
added 2022/10/11 12:00 a.m. · 159 views

CVE-2022-40177

CVE-2022-40177 affects Siemens Desigo PXM devices (PXM30-1/30.E/40-1/40.E/50-1/50.E; PXG3.W100-1/2; PXG3.W200-1/2) where the Operation web application Axon interface can read device files with root privileges. The root cause is improper file-system access control via Axon queries, enabling a remo...

CVSS 5.7 · AI score 5.4 · EPSS 0.0081
Exploits 0 · References 1 · Affected Software 1
OSV
added 2022/05/17 3:33 a.m. · 5 views

GHSA-9W4F-3V37-6F75 ceph-deploy allows local users to obtain sensitive information by reading the file

ceph-deploy before 1.5.23 uses weak permissions 644 for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file...

CVSS 5.1 · AI score 5.5 · EPSS 0.00376
Exploits 0 · References 13
OSV
added 2022/05/17 3:05 a.m. · 3 views

GHSA-JPR7-8RXM-4VGX Tryton allows authenticated users with certain permissions to read arbitrary files via the name parameter

fileopen in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors...

CVSS 5.9 · AI score 4.6 · EPSS 0.01819
Exploits 0 · References 7
OSV
added 2022/05/01 11:38 p.m. · 10 views

GHSA-XXJJ-JHGC-R68F Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter

Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter...

CVSS 6.9 · AI score 6.8 · EPSS 0.02255
Exploits 1 · References 5
Vulnrichment
added 2022/03/18 11:05 a.m. · 4 views

CVE-2021-22571 Information Leak in SA360-webquery-bigquery through read on /tmp

A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above...

CVSS 5.5 · AI score 5.3 · EPSS 0.00196
Exploits 0 · References 3
OSV
added 2022/03/16 3:15 p.m. · 3 views

CVE-2022-25249

When connecting to a certain port Axeda agent All versions and Axeda Desktop Server for Windows All versions disregarding Axeda agent v6.9.2 and v6.9.3 is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server...

CVSS 7.5 · AI score 5.8 · EPSS 0.02377
Exploits 0 · References 2
Cvelist
added 2021/11/10 1:55 a.m. · 18 views

CVE-2021-22870 Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. Th...

AI score 6.5 · EPSS 0.01098
Exploits 0 · References 3
NVD
added 2021/07/22 4:15 p.m. · 16 views

CVE-2021-34700

A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficient...

CVSS 5.5 · EPSS 0.00254
Exploits 0 · References 1
NVD
added 2021/01/05 12:15 p.m. · 18 views

CVE-2020-17519

A change introduced in Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users shou...

CVSS 9.1 · AI score 7.2 · EPSS 0.97856
Exploits 14 · References 17
Positive Technologies
added 2020/12/18 12:00 a.m. · 17 views

PT-2020-15252 · Uftpd

Name of the Vulnerable Software and Affected Versions: uftpd FTP server versions 2.7 to 2.10. Description: The issue arises from improper implementation of a chroot jail in the compose abspath function in common.c, leading to multiple unauthenticated directory traversal vulnerabilities in differen...

CVSS 9.8 · AI score 9.9 · EPSS 0.25249
Exploits 4 · References 9
RedHat Linux
added 2020/06/15 4:16 p.m. · 3 views

EAP: XXE issue in TransformerFactory

It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed...

CVSS 9.8 · AI score 5.8 · EPSS 0.02007
Exploits 0 · References 4