Lucene search
K

173 matches found

BDU FSTEC
BDU FSTEC
added 2025/04/10 12:0 a.m.4 views

The vulnerability of the NTFS file system in Windows operating systems allows attackers to increase their privileges.

The vulnerability of the NTFS file system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.8CVSS8AI score0.00657EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/04/10 12:0 a.m.6 views

The vulnerability of the NTFS file system of the Windows operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the NTFS file system in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...

6.8CVSS7.6AI score0.02719EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/04/10 12:0 a.m.6 views

The vulnerability of the NTFS file system in Windows operating systems allows attackers to disclose protected information.

The vulnerability of the NTFS file system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...

5.5CVSS7.9AI score0.00731EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.23 views

Ubuntu 24.04 LTS : Linux kernel (OEM) vulnerabilities (USN-7386-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7386-1 advisory. Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker...

9.1CVSS8.2AI score0.03301EPSS
Exploits3References313
OSV
OSV
added 2025/03/27 10:1 p.m.7 views

USN-7388-1 linux-aws-5.15, linux-kvm vulnerabilities

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...

8.1CVSS7AI score0.03558EPSS
Exploits4References357
Cvelist
Cvelist
added 2025/03/25 4:46 a.m.13 views

CVE-2024-10209 Incorrect Permission Assignment in APROL file system

An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL 4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user...

8.5CVSS0.00126EPSS
Exploits0References1
NVD
NVD
added 2025/03/17 5:15 p.m.10 views

CVE-2025-25685

An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...

7.5CVSS0.00473EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/17 1:19 p.m.15 views

CVE-2025-29787 zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write

zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...

7.3CVSS0.005EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/03/17 12:0 a.m.6 views

CVE-2025-25685

An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...

7AI score0.00473EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/17 12:0 a.m.16 views

CVE-2025-25685

An issue was discovered in GL-INet Beryl AX GL-MT3000 v4.7.0. Attackers are able to download arbitrary files from the device's file system via adding symbolic links on an external drive used as a samba share...

0.00473EPSS
Exploits0References1
OSV
OSV
added 2025/03/14 6:48 p.m.2 views

GHSA-8VVX-QVQ9-5948 Flowise allows arbitrary file write to RCE

Summary An attacker could write files with arbitrary content to the filesystem via the /api/v1/document-store/loader/process API. An attacker can reach RCERemote Code Execution via file writing. Details All file writing functions in packages/components/src/storageUtils.ts are vulnerable. -...

10CVSS8.1AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2022-48700

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 2024-08-27: CVE-2022-48700 was added to this advisory. 2024-08-27: CVE-2022-48671 was added to this advisory. 2024-08-27: CVE-2022-48672 was added to this...

7.8CVSS7.7AI score0.01281EPSS
Exploits4References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/04 3:30 p.m.8 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to an attacker with deploy privilege (CVE-2025-0799)

Summary Malicious bar files could allow an attacker with deploy privilege to write arbitrary files on the file system for a running IBM App Connect Enterprise installation. Vulnerability Details CVEID:CVE-2025-0799 DESCRIPTION: IBM App Connect enterprise could allow an authenticated user to write...

6.5CVSS6.7AI score0.00459EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/02/01 4:2 a.m.12 views

CVE-2024-51534

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial o...

7.1CVSS0.00182EPSS
Exploits0References1
Veracode
Veracode
added 2024/12/20 8:10 a.m.19 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Apache Tomcat is vulnerable to a Time-of-check Time-of-use TOCTOU Race Condition. The vulnerability is lack of proper synchronization between the time the system checks a file's state and when it actually uses the file, allowing an attacker to manipulate the file system state during the brief...

9.8CVSS7AI score0.43663EPSS
Exploits13References16Affected Software3
Vulnrichment
Vulnrichment
added 2024/12/19 5:15 p.m.16 views

CVE-2024-38819

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS6.7AI score0.54862EPSS
Exploits6References1
CVE
CVE
added 2024/12/12 2:14 p.m.55 views

CVE-2024-21575

CVE-2024-21575 affects ComfyUI-Impact-Pack. Root cause: missing validation of image.filename in the POST /upload/temp endpoint, enabling path traversal and arbitrary file writes on the server. Consequence: under some conditions this can lead to remote code execution (RCE). CVSS vectors indicate h...

9.2CVSS7.9AI score0.00973EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/06 4:35 p.m.11 views

CVE-2024-50404 Qsync Central

A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central...

6.8CVSS7AI score0.01394EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2024/12/03 12:0 a.m.6 views

The vulnerability of the FileSystem component in Microsoft Edge and Google Chrome browsers allows attackers to bypass file system restrictions.

The vulnerability of the FileSystem component in Microsoft Edge and Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass file system restrictions by using a specially created HTML page...

5CVSS5.5AI score0.00277EPSS
Exploits0References12Affected Software6
NVD
NVD
added 2024/11/22 11:15 p.m.13 views

CVE-2024-50054

The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system...

8.7CVSS0.00684EPSS
Exploits0References1
Rows per page
Query Builder