
3349 matches found

OSV
added 2023/06/02 5:15 p.m. · 2 views

DEBIAN-CVE-2023-32213

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

CVSS 8.8 · AI score 8 · EPSS 0.00753
Exploits 0 · References 1

ATTACKERKB
added 2023/06/02 5:15 p.m. · 7 views

CVE-2023-32213

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

CVSS 8.8 · AI score 7.4 · EPSS 0.00753
Exploits 0 · References 7

Prion
added 2023/06/02 5:15 p.m. · 21 views

Design/Logic Flaw

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

CVSS 6.8 · AI score 7.9 · EPSS 0.00753
Exploits 0 · References 6 · Affected Software 3

CVE
added 2023/06/02 12:0 a.m. · 165 views

CVE-2023-32213

CVE-2023-32213 affects Mozilla Firefox and Thunderbird. The flaw arises when reading a file, where an uninitialized value could be used as the read limit. Affected versions are Firefox <113, Firefox ESR <102.11, and Thunderbird

CVSS 8.8 · AI score 8.1 · EPSS 0.00753
Exploits 0 · References 6 · Affected Software 3

Prion
added 2023/06/01 5:15 p.m. · 16 views

Design/Logic Flaw

Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options server.fs.deny can be bypassed using a double forward-slash (//), which allows any unauthenticated user to read files from the Vite root path of the application, including the default fs.deny...

CVSS 5 · AI score 7.1 · EPSS 0.03152
Exploits 1 · References 3 · Affected Software 1

OSV
added 2023/06/01 4:29 p.m. · 34 views

CVE-2023-34092 Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)

Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options server.fs.deny can be bypassed using a double forward-slash (//), which allows any unauthenticated user to read files from the Vite root path of the application, including the default fs.deny...

CVSS 7.5 · AI score 7.3 · EPSS 0.03152
Exploits 1 · References 5

Vulnrichment
added 2023/06/01 4:29 p.m. · 12 views

CVE-2023-34092 Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)

Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options server.fs.deny can be bypassed using a double forward-slash (//), which allows any unauthenticated user to read files from the Vite root path of the application, including the default fs.deny...

CVSS 7.5 · AI score 6.5 · EPSS 0.03152
Exploits 1 · References 3

CNNVD
added 2023/05/31 12:0 a.m. · 4 views

Kramer VIA GO² Security Vulnerability

The Kramer VIA GO² is a 4K wireless presentation device from Kramer. A security vulnerability exists in Kramer VIA GO² versions prior to 4.0.1.1326, which stems from susceptibility to unauthenticated arbitrary file reading...

CVSS 7.5 · AI score 7.5 · EPSS 0.00698
Exploits 1 · References 2

Vulnrichment
added 2023/05/29 12:0 a.m. · 6 views

CVE-2021-27825

A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL...

AI score 6.8 · EPSS 0.078
Exploits 3 · References 2

UbuntuCve
added 2023/05/26 9:15 p.m. · 36 views

CVE-2023-2825

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups...

CVSS 10 · AI score 7.1 · EPSS 0.71641
Exploits 5 · References 4

CNVD
added 2023/05/26 12:0 a.m. · 15 views

GitLab CE/EE Path Traversal Vulnerability

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE/...

CVSS 10 · AI score 6.7 · EPSS 0.71641
Exploits 5 · References 1

Kitploit
added 2023/05/24 12:30 p.m. · 176 views

Jsfinder - Fetches JavaScript Files Quickly And Comprehensively

jsFinder is a command-line tool written in Go that scans web pages to find JavaScript files linked in the HTML source code. It searches for any attribute that can contain a JavaScript file e.g., src, href, data-main, etc. and extracts the URLs of the files to a text file. The tool is designed to ...

AI score 7.2
Exploits 0 · References 3

Tenable Nessus
added 2023/05/19 12:0 a.m. · 25 views

Oracle Linux 9 : firefox (ELSA-2023-3143)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3143 advisory. 102.11.0-2.0.1 - Updated homepages to use https Orabug: 34648274 102.11.0-2 - Update to 102.11.0 build2 102.11.0-1 - Update to 102.11.0 build1 Tenable...

CVSS 8.8 · AI score 7.4 · EPSS 0.00753
Exploits 0 · References 8

Tenable Nessus
added 2023/05/18 12:0 a.m. · 30 views

AlmaLinux 9 : firefox (ALSA-2023:3143)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3143 advisory. - In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofin...

CVSS 8.8 · AI score 7.9 · EPSS 0.00753
Exploits 0 · References 8

Prion
added 2023/05/16 7:15 p.m. · 22 views

Path traversal

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities results in the ability to read arbitrary files on the underlying operating system, including sensitive system files...

CVSS 4 · AI score 6.6 · EPSS 0.00648
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/05/16 12:0 a.m. · 4 views

PT-2023-3389 · Aruba · Aruba Edgeconnect Enterprise

Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise affected versions not specified Description: The issue is related to multiple authenticated path traversal vulnerabilities in the command line interface of the Aruba EdgeConnect Enterprise platform. These...

CVSS 6.5 · AI score 7.1 · EPSS 0.00648
Exploits 0 · References 8

Veracode
added 2023/05/15 11:50 a.m. · 23 views

Denial Of Service (DoS)

libtiff.so is vulnerable to Denial of Service (DoS). The vulnerability exists due to a buffer overflow when reading a file with multiple IFDs, which causes memory corruption resulting in an application crash...

CVSS 5.5 · AI score 7.6 · EPSS 0.00405
Exploits 1 · References 8 · Affected Software 1

Positive Technologies
added 2023/05/15 12:0 a.m. · 7 views

PT-2023-18344 · WordPress · Kiwiz Invoices Certification & Pdf System

Name of the Vulnerable Software and Affected Versions: KIWIZ Invoices Certification & PDF System WordPress plugin versions 2.1.3 and earlier Description: The issue allows an unauthenticated attacker to read or download arbitrary files, as well as perform PHAR unserialization if they can upload a...

CVSS 7.5 · AI score 9.5 · EPSS 0.00866
Exploits 2 · References 7

SUSE CVE
added 2023/05/11 1:56 a.m. · 3 views

SUSE CVE-2023-32213

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

CVSS 8.8 · AI score 6.4 · EPSS 0.00753
Exploits 0 · References 8

Vulnrichment
added 2023/05/11 12:0 a.m. · 10 views

CVE-2023-30172

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter...

AI score 7.4 · EPSS 0.00996
Exploits 0 · References 2