
3349 matches found

CVE
added 2022/01/07 9:59 p.m. · 120 views

CVE-2022-22701

PartKeepr vulnerability (CVE-2022-22701) affects PartKeepr up to v1.4.0 and is triggered when loading attachments by URL, enabling the use of the file:// URI scheme. An authenticated user can read local files due to how attachments are loaded during part creation. Impact is read access to local f...

CVSS 6.5 · AI score 6.1 · EPSS 0.01017
Exploits: 1 · References: 2 · Affected Software: 1
CNVD
added 2022/01/05 12:0 a.m. · 12 views

TerraMaster TOS 4.2.x session forgery, arbitrary file reading, remote command execution, and other vulnerabilities

TerraMaster is a globally recognized professional storage brand that focuses on providing professional private cloud storage devices for users around the world. The vulnerabilities in TerraMaster TOS 4.2.x session forgery, arbitrary file reading, and remote command execution can be exploited to...

AI score 8.1
Exploits: 0
NVD
added 2022/01/03 1:15 p.m. · 8 views

CVE-2021-44674

An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read files outside of the restricted directory...

CVSS 6.5 · EPSS 0.01262
Exploits: 0 · References: 4
PyPA
added 2022/01/01 1:15 a.m. · 4 views

PYSEC-2022-43065

GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment...

CVSS 5.5 · AI score 7.5 · EPSS 0.01491
Exploits: 1 · References: 20 · Affected Software: 1
CNVD
added 2021/12/28 12:0 a.m. · 11 views

Mozilla Rust messagepack-rs crate file reading vulnerability (CNVD-2022-04510)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. The Rust messagepack-rs crate has a security vulnerability in versions prior to 2021-01-26, which can be exploited by attackers through deserialize_binary to read data from an uninitialized memory location...

CVSS 9.8 · AI score 4.6 · EPSS 0.01191
Exploits: 0 · References: 1
CNVD
added 2021/12/28 12:0 a.m. · 14 views

Mozilla Rust rdiff crate file reading vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. The Rust rdiff crate has a security vulnerability in versions prior to 2021-02-03, which can be exploited to read data from uninitialized memory locations...

CVSS 7.5 · AI score 4 · EPSS 0.01059
Exploits: 0 · References: 1
CNVD
added 2021/12/28 12:0 a.m. · 13 views

Mozilla Rust messagepack-rs crate file reading vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. The Rust messagepack-rs crate has a security vulnerability in versions prior to 2021-01-26, which could be exploited by attackers to read data from uninitialized memory locations...

CVSS 9.8 · AI score 4.6 · EPSS 0.01191
Exploits: 0 · References: 1
Prion
added 2021/12/26 1:15 a.m. · 15 views

Design/Logic Flaw

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10...

CVSS 2.7 · AI score 4.9 · EPSS 0.0037
Exploits: 0 · References: 1 · Affected Software: 3
Cvelist
added 2021/12/26 1:4 a.m. · 22 views

CVE-2021-45494

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10...

CVSS 8.4 · AI score 8.4 · EPSS 0.0037
Exploits: 0 · References: 1
CNNVD
added 2021/12/25 12:0 a.m. · 0 views

Vim buffer error vulnerability

Vim is a UNIX-based editor. Vim suffers from a buffer overflow vulnerability, which stems from the fact that Vim is vulnerable to out-of-bounds read attacks, which can be exploited by attackers to read files out of bounds...

CVSS 7.1 · AI score 8.4 · EPSS 0.01586
Exploits: 1 · References: 30
Talos
added 2021/12/20 12:0 a.m. · 58 views

Garrett Metal Detectors iC Module CMA CLI readfile stack-based buffer overflow vulnerabilities

Summary: Two stack-based buffer overflow vulnerabilities exist in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. Convincing the system to call readfile on a specially-crafted file can lead to stack-based buffer overflows. An attacke...

CVSS 8.5 · AI score 8.2 · EPSS 0.00953
Exploits: 1
CNVD
added 2021/12/08 12:0 a.m. · 22 views

Grafana Unauthorized Arbitrary File Reading Vulnerability

Grafana is a data visualization web application platform. The Grafana unauthorized arbitrary file reading vulnerability can be exploited by attackers to obtain sensitive information...

AI score 4.4
Exploits: 0 · References: 1
CVE
added 2021/12/07 4:5 p.m. · 36 views

CVE-2021-37086

Technical details for CVE-2021-37086 are not publicly available in the provided documents; monitor for updates from vendors and security advisories.

CVSS 8.6 · AI score 8.4 · EPSS 0.00637
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2021/12/01 12:0 a.m. · 2 views

PT-2021-5603 · Unknown · Crafter Cms

Name of the Vulnerable Software and Affected Versions: Crafter CMS (affected versions not specified). Description: The issue allows unauthenticated remote attackers to read textual content via FreeMarker, including files in /scripts/, /templates/, and some non-binary files in /.git/. This i...

CVSS 7.8 · AI score 7.4 · EPSS 0.01581
Exploits: 0 · References: 7
OSV
added 2021/11/29 12:0 p.m. · 13 views

RUSTSEC-2021-0126 RustEmbed generated `get` method allows for directory traversal when reading files from disk

When running in debug mode and the `debug-embed` (off by default) feature is not enabled, the generated `get` method does not check that the input path is a child of the folder given. This allows attackers to read arbitrary files in the file system if they have control over the filename given. The...

CVSS 7.5 · AI score 7.3 · EPSS 0.01593
Exploits: 1 · References: 3
OSV
added 2021/11/29 7:15 a.m. · 3 views

UBUNTU-CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file, URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...

CVSS 5.3 · AI score 6.8 · EPSS 0.25951
Exploits: 1 · References: 5
Cvelist
added 2021/11/29 6:25 a.m. · 30 views

CVE-2021-21707 Special characters break path parsing in XML functions

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file, URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...

CVSS 5.3 · AI score 7.1 · EPSS 0.25951
Exploits: 1 · References: 5
AlpineLinux
added 2021/11/29 6:25 a.m. · 92 views

CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file, URL-decode the filename passed to them. If that filename contains a URL-encoded NUL character, this may cause the function to interpret this as the end of the...

CVSS 5.3 · AI score 7.2 · EPSS 0.25951
Exploits: 1
CNVD
added 2021/11/26 12:0 a.m. · 16 views

Arbitrary File Read Vulnerability in Cyber-Sign's NetSign Digital Signature System

Ltd. is the earliest professional vendor engaged in the research, development and application of PKI technology in China. There is an arbitrary file reading vulnerability in the NetSign digital signature system, which can be exploited by an attacker to read server files...

AI score 7
Exploits: 0
GitHub Security Blog
added 2021/11/23 10:3 p.m. · 49 views

Arbitrary file reading vulnerability in Aim

Impact: A path traversal attack aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and...

CVSS 8.6 · AI score 1 · EPSS 0.01846
Exploits: 1 · References: 8 · Affected Software: 1