3349 matches found

Cvelist
added 2023/02/16 12:0 a.m. · 23 views

CVE-2023-22380 Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This...

6.5 AI score · 0.00682 EPSS
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 6:10 a.m. · 4 views

SUSE CVE-2007-4850

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563...

5 CVSS · 7.2 AI score · 0.05575 EPSS
Exploits 2 · References 5

SUSE CVE
added 2023/02/15 5:35 a.m. · 4 views

SUSE CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...

7.5 CVSS · 7.1 AI score · 0.02997 EPSS
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 4:55 a.m. · 5 views

SUSE CVE-2016-9605

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading to arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...

6.1 CVSS · 6.9 AI score · 0.00799 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 4:54 a.m. · 5 views

SUSE CVE-2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

7.5 CVSS · 7 AI score · 0.0386 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/02/13 12:0 a.m. · 8 views

PT-2023-8557 · WordPress · Extensive Vc Addons

Name of the Vulnerable Software and Affected Versions: Extensive VC Addons for WPBakery page builder WordPress plugin versions prior to 1.9.1. Description: The issue is related to incorrect validation of a parameter passed to the PHP extract function when loading templates. This allows an...

7.8 CVSS · 7.8 AI score · 0.55736 EPSS
Exploits 3 · References 5

Vulnrichment
added 2023/02/01 9:9 a.m. · 7 views

CVE-2023-24977 Apache InLong: Jdbc Connection causes arbitrary file reading in InLong

Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214...

7.5 AI score · 0.0116 EPSS
Exploits 0 · References 1

Cvelist
added 2023/02/01 9:9 a.m. · 38 views

CVE-2023-24977 Apache InLong: Jdbc Connection causes arbitrary file reading in InLong

Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214...

7.7 AI score · 0.0116 EPSS
Exploits 0 · References 1

OSV
added 2023/01/31 8:15 a.m. · 3 views

CVE-2022-39059

ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

7.5 CVSS · 5.9 AI score · 0.0099 EPSS
Exploits 0 · References 1

NVD
added 2023/01/31 8:15 a.m. · 18 views

CVE-2022-39059

ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

7.5 CVSS · 7.6 AI score · 0.0099 EPSS
Exploits 0 · References 1

Cvelist
added 2023/01/31 12:0 a.m. · 22 views

CVE-2022-39059 ChangingTec MegaServiSignAdapter - Path Traversal

ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files...

7.5 CVSS · 7.8 AI score · 0.0099 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2023/01/26 12:0 a.m. · 31 views

Mozilla Thunderbird < 102.7

The version of Thunderbird installed on the remote Windows host is prior to 102.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-03 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.6. Some of...

8.8 CVSS · 8.3 AI score · 0.00892 EPSS
Exploits 0 · References 9

Tenable Nessus
added 2023/01/24 12:0 a.m. · 60 views

Oracle Linux 7 : firefox (ELSA-2023-0296)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0296 advisory. 102.7.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....

8.8 CVSS · 7.9 AI score · 0.00892 EPSS
Exploits 0 · References 9

CVE
added 2023/01/17 11:48 p.m. · 64 views

CVE-2022-43494

GE Digital Proficy Historian is affected by a vulnerability (CVE-2022-43494) described as improper access control that could allow an unauthorized user to read any file on the system. The issue is tied to insufficient access controls in Proficy Historian v7.0 and newer, enabling potential exposur...

7.5 CVSS · 6.2 AI score · 0.00546 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/01/17 11:48 p.m. · 20 views

CVE-2022-43494

An unauthorized user could be able to read any file on the system, potentially exposing sensitive information...

7.5 CVSS · 7.5 AI score · 0.00546 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/01/17 12:0 a.m. · 3 views

PT-2023-1153 · Ge · Proficy Historian

Name of the Vulnerable Software and Affected Versions: GE Proficy Historian (affected versions not specified). Description: The issue is related to insufficient access control, which could allow an unauthorized user to read any file on the system, potentially exposing sensitive information. An...

7.8 CVSS · 6.3 AI score · 0.00546 EPSS
Exploits 0 · References 9

CNVD
added 2023/01/08 12:0 a.m. · 32 views

Arbitrary File Read Vulnerability in Istar Electronic Document Security Management System (CNVD-2023-09184)

Easetone electronic document security management system is an electronic document security encryption software. Yisetong Electronic Document Security Management System has an arbitrary file reading vulnerability that can be exploited by attackers to obtain sensitive information...

7.1 AI score
Exploits 0

Cvelist
added 2022/12/23 8:50 p.m. · 41 views

CVE-2022-23854

AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server...

7.5 CVSS · 7.8 AI score · 0.45957 EPSS
Exploits 5 · References 3

Vulnrichment
added 2022/12/21 12:0 a.m. · 8 views

CVE-2022-36221

Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system...

6.3 AI score · 0.00791 EPSS
Exploits 1 · References 1

Github Security Blog
added 2022/12/19 9:9 p.m. · 78 views

Cortex's Alertmanager can expose local files content via specially crafted config

Impact: A local file inclusion vulnerability exists in Cortex versions v1.13.0, v1.13.1 and v1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users o...

6.5 CVSS · 6 AI score · 0.00753 EPSS
Exploits 0 · References 8 · Affected Software 1