Lucene search

3349 matches found

CNNVD
added 2022/12/15 12:0 a.m. · 3 views

Zabbix input validation error vulnerability

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. Zabbix Web Service Report Generation has a security vulnerability that stems from the service not properly validating URL parameters...

CVSS 5.9 · AI score 6.1 · EPSS 0.47772
Exploits 0 · References 2

Positive Technologies
added 2022/12/12 12:0 a.m. · 2 views

PT-2022-27452 · Linx · Linx Sphere Linx

Name of the Vulnerable Software and Affected Versions: Linx Sphere LINX version 7.35.ST15 Description: A directory traversal issue in the SCS.Web.Server.SPI/1.0 component allows attackers to read arbitrary files. Recommendations: For Linx Sphere LINX version 7.35.ST15, at the moment, there is no...

CVSS 7.5 · AI score 7.8 · EPSS 0.03092
Exploits 1 · References 3

Vulnrichment
added 2022/12/08 5:37 p.m. · 9 views

CVE-2022-46826

In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability...

CVSS 6.2 · AI score 6.9 · EPSS 0.00222
Exploits 0 · References 1

Prion
added 2022/12/07 5:15 p.m. · 6 views

Directory traversal

Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...

CVSS 5 · AI score 5.1 · EPSS 0.01335
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2022/11/30 7:26 p.m. · 9 views

CVE-2022-43518

An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise...

CVSS 4.9 · AI score 6.7 · EPSS 0.00703
Exploits 0 · References 1

Github Security Blog
added 2022/11/22 12:30 p.m. · 22 views

OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...

CVSS 5.5 · AI score 5.6 · EPSS 0.01383
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/11/22 10:15 a.m. · 18 views

CVE-2022-40954

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider...

CVSS 5.5 · AI score 5.6
Exploits 0 · References 2

CNVD
added 2022/11/18 12:0 a.m. · 19 views

FreeRDP path traversal vulnerability

FreeRDP is an open source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. FreeRDP is vulnerable to a path traversal vulnerability that stems from a lack of path normalization and basic path checking for the "drive" channel. An attacker could use this vulnerability to read...

CVSS 5.7 · AI score 3 · EPSS 0.00889
Exploits 0 · References 1

UbuntuCve
added 2022/11/17 12:0 a.m. · 24 views

CVE-2022-39347

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...

CVSS 5.7 · AI score 6 · EPSS 0.00889
Exploits 0 · References 3

Debian CVE
added 2022/11/16 12:0 a.m. · 38 views

CVE-2022-39347

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...

CVSS 5.7 · AI score 5.8 · EPSS 0.00889
Exploits 0

NVD
added 2022/11/15 8:15 p.m. · 20 views

CVE-2022-45381

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

CVSS 8.1 · EPSS 0.01328
Exploits 0 · References 2

Prion
added 2022/11/15 8:15 p.m. · 18 views

Design/Logic Flaw

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...

CVSS 5 · AI score 7.5 · EPSS 0.01061
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/11/15 12:0 a.m. · 42 views

CVE-2022-45381

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

AI score 8.5 · EPSS 0.01328
Exploits 0 · References 2

Vulnrichment
added 2022/11/15 12:0 a.m. · 9 views

CVE-2022-45388

Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system...

AI score 6.8 · EPSS 0.01061
Exploits 0 · References 2

Vulnrichment
added 2022/11/10 7:30 a.m. · 5 views

CVE-2022-31255 SUMA/UYUNI directory path traversal vulnerability in CobblerSnipperViewAction

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files...

CVSS 4.3 · AI score 7 · EPSS 0.0068
Exploits 0 · References 1

Vulnrichment
added 2022/11/07 12:0 a.m. · 8 views

CVE-2022-43319

An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files...

AI score 7.2 · EPSS 0.00706
Exploits 1 · References 1

CNNVD
added 2022/10/24 12:0 a.m. · 13 views

Gin-Vue-Admin code issue vulnerability

Gin-Vue-Admin is a full-stack pre-development infrastructure platform based on Vue and Gin development. A code issue exists in Gin-Vue-Admin versions prior to 2.5.4, which stems from a validation of the fileMd5 and fileName parameters, which could lead to reading arbitrary files...

CVSS 9.8 · AI score 8.5 · EPSS 0.01059
Exploits 1 · References 3

Vulnrichment
added 2022/10/19 12:0 a.m. · 5 views

CVE-2022-43429

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system...

AI score 7.5 · EPSS 0.006
Exploits 0 · References 2

NVD
added 2022/10/14 7:15 p.m. · 16 views

CVE-2022-41477

A security issue was discovered in WeBid =1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories...

CVSS 9.1 · EPSS 0.01075
Exploits 1 · References 1

Vulnrichment
added 2022/10/14 12:0 a.m. · 9 views

CVE-2022-41477

A security issue was discovered in WeBid =1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories...

AI score 9.2 · EPSS 0.01075
Exploits 1 · References 1