Lucene search
K

49 matches found

NVD
NVD
added 2025/07/22 10:15 p.m.10 views

CVE-2025-54141

ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style...

7.5CVSS0.00822EPSS
Exploits1References4
OSV
OSV
added 2025/07/22 10:15 p.m.2 views

UBUNTU-CVE-2025-54141

ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style...

7.5CVSS5.8AI score0.00822EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/07/22 9:35 p.m.2 views

CVE-2025-54141 ViewVC's standalone server exposes arbitrary server filesystem content

ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style...

7.5CVSS6.3AI score0.00822EPSS
Exploits1References4
CVE
CVE
added 2025/07/22 9:35 p.m.27 views

CVE-2025-54141

ViewVC’s standalone server (standalone.py) is vulnerable to a directory-traversal style attack that can expose the host filesystem. Affected releases are ViewVC 1.1.0–1.1.31 and 1.2.0–1.2.3; the issue is fixed in 1.1.31 and 1.2.4. Impact is described as exposure of arbitrary filesystem content; n...

7.5CVSS7AI score0.00822EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/07/22 9:35 p.m.10 views

CVE-2025-54141 ViewVC's standalone server exposes arbitrary server filesystem content

ViewVC is a browser interface for CVS and Subversion version control repositories. In versions 1.1.0 through 1.1.31 and 1.2.0 through 1.2.3, the standalone.py script provided in the ViewVC distribution can expose the contents of the host server's filesystem though a directory traversal-style...

7.5CVSS0.00822EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2025/07/22 12:0 a.m.5 views

viewvc -- Arbitrary server filesystem content

cmpilato reports: The ViewVC standalone web server standalone.py is a script provided in the ViewVC distribution for the purposes of quickly testing a ViewVC configuration. This script can in particular configurations expose the contents of the host server's filesystem though a directory...

7.5CVSS7.2AI score0.00822EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:59 a.m.10 views

CVE-2023-51661

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...

8.6CVSS6.9AI score0.00595EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:46 a.m.10 views

CVE-2019-6670

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5, vCMP hypervisors are incorrectly exposing the plaintext unit key for their vCMP guests on the filesystem...

4.4CVSS7AI score0.00207EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/28 3:47 p.m.1 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the runsc process, which has "root-like" permissions. An attacker can expose files on the underlying filesystem by escalating privileges before a project is forked. Remediation Upgrade...

7.8CVSS6.9AI score0.00072EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 6:46 a.m.11 views

CVE-2024-50310

A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 6GK7543-1AX10-0XE0 All versions = V4.0.44 V4.0.50. Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem...

8.7CVSS7.2AI score0.00471EPSS
Exploits0
OSV
OSV
added 2025/02/03 5:56 p.m.7 views

GHSA-2CCP-VQMV-4R4X S3Proxy allows insecure path traversal in filesystem and filesystem-nio2 storage backends

Impact Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to authenticated clients. Patches Upgrade to S3Proxy 2.6.0 which includes apache/jclouds@b0819e0ef5e08c792a4d1724b938714ce9503aa3 and 86b6ee4749aa163a78e7898efc063617ed171980. Workarounds...

6.9CVSS6AI score0.00528EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.6 views

PT-2024-36531

Name of the Vulnerable Software and Affected Versions h2oai/h2o-3 version 3.40.0.4 Description The issue is caused by an arbitrary system path lookup feature, allowing any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the problem resides in the...

5.3CVSS6.3AI score0.00835EPSS
Exploits1References12
OSV
OSV
added 2023/08/16 3:15 p.m.4 views

CVE-2023-40338

Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system...

4.3CVSS5.9AI score0.00533EPSS
Exploits0References2
ICS
ICS
added 2022/05/10 12:0 a.m.158 views

Siemens Teamcenter

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

7.5CVSS8.2AI score0.01213EPSS
Exploits0References11
CNNVD
CNNVD
added 2022/01/12 12:0 a.m.4 views

Jenkins 安全漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Metrics Plugin in version 4.0.2.8 and earlier is vulnerable to an authorization issue that stems from an unencrypt...

5.5CVSS5.6AI score0.00319EPSS
Exploits0References6
OSV
OSV
added 2021/12/14 4:15 p.m.3 views

CVE-2021-44232

SAF-T Framework Transaction SAFTNG allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server...

7.7CVSS7.3AI score0.00975EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/06/10 8:42 a.m.4 views

runc: vulnerable to symlink exchange attack

The runc package is vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that results in the host filesystem being bind-mounted into the container. The highest threat from this vulnerability is to data confidentiality and integrity ...

8.5CVSS6.9AI score0.06604EPSS
Exploits0References6
OSV
OSV
added 2020/11/10 6:15 p.m.4 views

CVE-2020-27403

A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below by TCL Technology Group Corporation allows an attacker on the adjacent network to arbitrarily browse and download sensitive files over an insecure web server running on port 7989 tha...

6.5CVSS6.9AI score0.02685EPSS
Exploits2References10
Vulnrichment
Vulnrichment
added 2019/03/27 1:38 p.m.7 views

CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

7AI score0.98507EPSS
Exploits18References12
OSV
OSV
added 2018/06/07 2:29 a.m.6 views

CVE-2017-16183

iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.5CVSS5.8AI score0.02005EPSS
Exploits1References2
Rows per page
Query Builder