
3349 matches found

CNNVD
added 2023/08/03 12:0 a.m. | 6 views

ZKTeco BioTime Path Traversal Vulnerability

ZKTeco BioTime is a powerful web-based time and attendance management software from the Chinese company ZKTeco. A path traversal vulnerability exists in ZKTeco BioTime version v8.5.5 that allows an unauthenticated attacker to read arbitrary files by providin...

CVSS 7.5 | AI score 6.8 | EPSS 0.8488
Exploits: 3 | References: 7

Ubuntu
added 2023/08/01 11:43 a.m. | 49 views

USN-6266-1: librsvg vulnerability

Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element...

CVSS 5.5 | AI score 6.5 | EPSS 0.02132
Exploits: 1

CVE
added 2023/07/28 11:26 p.m. | 125 views

CVE-2021-4324

CVE-2021-4324 affects Google Chrome (Chromium-based) prior to version 90.0.4430.93. Root cause: insufficient policy enforcement in Google Update. Impact: remote attacker could read arbitrary files via a malicious file. Affected versions are before 90.0.4430.93; remediation is to update to 90.0.44...

CVSS 6.5 | AI score 6.7 | EPSS 0.00525
Exploits: 1 | References: 3 | Affected Software: 1

GitHub Security Blog
added 2023/07/25 9:30 a.m. | 26 views

JDBC URL bypassing by allowLoadLocalInfileInPath param

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....

CVSS 7.5 | AI score 7.5 | EPSS 0.01323
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2023/07/25 8:15 a.m. | 19 views

CVE-2023-34434

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....

CVSS 7.5 | AI score 7.2 | EPSS 0.01323
Exploits: 0 | References: 3

NVD
added 2023/07/25 8:15 a.m. | 21 views

CVE-2023-34434

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....

CVSS 7.5 | AI score 7.5 | EPSS 0.01323
Exploits: 0 | References: 3

Prion
added 2023/07/25 8:15 a.m. | 23 views

Deserialization of untrusted data

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....

CVSS 5 | AI score 7.5 | EPSS 0.01323
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2023/07/25 7:9 a.m. | 25 views

CVE-2023-34434 Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....

AI score 7.7 | EPSS 0.01323
Exploits: 0 | References: 3

CVE
added 2023/07/25 7:9 a.m. | 74 views

CVE-2023-34434

CVE-2023-34434 affects Apache InLong (versions 1.4.0–1.7.0). It is a deserialization of untrusted data vulnerability that could bypass logic and read arbitrary files. The remediation is to upgrade to InLong 1.8.0 or apply the patch from PR 8130. Connected sources corroborate the affected versions...

CVSS 7.5 | AI score 7.5 | EPSS 0.01323
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/07/25 7:9 a.m. | 19 views

CVE-2023-34434 Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....

AI score 7.5 | EPSS 0.01323
Exploits: 0 | References: 3

Positive Technologies
added 2023/07/25 12:0 a.m. | 3 views

PT-2023-5268 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.7.0
Description: The issue affects Apache InLong, allowing an attacker to bypass the current logic and achieve arbitrary file reading by exploiting a deserialization of untrusted data vulnerability. This...

CVSS 8.7 | AI score 7 | EPSS 0.01323
Exploits: 0 | References: 14

Positive Technologies
added 2023/07/19 12:0 a.m. | 3 views

PT-2024-03: Vulnerability of reading internal application files in OpenKeychain

The vulnerability was identified in OpenKeychain v.5.8.2 58902. It allows a potential attacker to read any files available to an application, including from the application sandbox, and save files to external storage. The vulnerability is caused by insufficient filtering of input parameters...

CVSS 5.1 | AI score 7.1
Exploits: 0

OSV
added 2023/07/13 3:15 a.m. | 3 views

CVE-2023-34135

Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

CVSS 6.5 | AI score 5.9 | EPSS 0.01173
Exploits: 0 | References: 2

CVE
added 2023/07/12 7:5 a.m. | 44 views

CVE-2023-2762

Summary of CVE-2023-2762 (SOLIDWORKS Desktop): A Use-After-Free vulnerability exists in the SLDPRT file reading procedure affecting SOLIDWORKS Desktop from release 2021 through 2023. The underlying issue occurs during parsing of SLDPRT files and could allow an attacker to execute arbitrary code wh...

CVSS 7.8 | AI score 7.7 | EPSS 0.00334
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2023/07/12 12:0 a.m. | 4 views

SolidWorks Resource Management Error Vulnerability

SolidWorks is a 3D CAD software from SolidWorks that runs on the Microsoft Windows platform. A security vulnerability exists in SolidWorks versions 2021 through 2023, which stems from a use-after-free vulnerability during file reading that could allow an attacker to execute...

CVSS 7.8 | AI score 7.8 | EPSS 0.00334
Exploits: 0 | References: 2

OSV
added 2023/07/05 7:25 p.m. | 13 views

CVE-2023-34457 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a file input inside an HTML form. All users of MechanicalSoup's form submission are affected, unless they took...

CVSS 5.9 | AI score 7.4 | EPSS 0.009
Exploits: 1 | References: 6

CNVD
added 2023/06/29 12:0 a.m. | 11 views

Traggo server directory traversal vulnerability

Traggo is a tag-based time tracking tool. A directory traversal vulnerability exists in the Traggo server, which can be exploited by an attacker to read arbitrary files...

CVSS 7.5 | AI score 6.6 | EPSS 0.07176
Exploits: 1 | References: 1

Vulnrichment
added 2023/06/07 8:43 p.m. | 10 views

CVE-2023-1864 FANUC ROBOGUIDE-HandlingPRO Path Traversal

FANUC ROBOGUIDE-HandlingPRO versions 9 Rev.ZD and prior are vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software...

CVSS 6.8 | AI score 6.7 | EPSS 0.00943
Exploits: 0 | References: 1

CNNVD
added 2023/06/07 12:0 a.m. | 5 views

Jeecg P3 Biz Chat Security Vulnerability

Jeecg P3 Biz Chat is a Jeecg open source online chat plugin. A security vulnerability exists in Jeecg P3 Biz Chat version 1.0.5 that allows remote attackers to read arbitrary files via specific parameters...

CVSS 7.5 | AI score 7.6 | EPSS 0.04042
Exploits: 1 | References: 2

OSV
added 2023/06/02 5:15 p.m. | 2 views

DEBIAN-CVE-2023-32213

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

CVSS 8.8 | AI score 8 | EPSS 0.00753
Exploits: 0 | References: 1