Lucene search
K

35 matches found

OSV
OSV
added 2024/07/10 2:15 a.m.2 views

DEBIAN-CVE-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...

2.9CVSS6.1AI score0.00458EPSS
Exploits0References1
OSV
OSV
added 2024/05/21 4:15 p.m.4 views

DEBIAN-CVE-2023-52760

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2qddealloc In gfs2putsuper, whether withdrawn or not, the quota should be cleaned up by gfs2quotacleanup. Otherwise, struct gfs2sbd will be freed before gfs2qddealloc rcu callback has run for a...

7.8CVSS6.1AI score0.00269EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/04/08 8:54 a.m.4 views

nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write

A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/...

6.5CVSS7.2AI score0.00945EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:51 a.m.2 views

SUSE CVE-2017-5011

Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page...

6.5CVSS8.7AI score0.01494EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/09/19 4:15 p.m.2 views

CVE-2022-40715

An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily...

6.5CVSS5.9AI score0.01044EPSS
Exploits0References2
NVD
NVD
added 2021/08/31 6:15 p.m.16 views

CVE-2021-36233

The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows by design an authenticated attacker to read arbitrary files from the filesystem by specifying the file path...

6.5CVSS0.01008EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/07/25 8:8 p.m.12 views

CVE-2021-37469

In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem...

6.5AI score0.01244EPSS
Exploits1References2
OSV
OSV
added 2020/12/24 4:15 p.m.3 views

CVE-2020-27727

On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem...

4.9CVSS5.8AI score0.00842EPSS
Exploits0References1
Prion
Prion
added 2020/12/24 4:15 p.m.23 views

Design/Logic Flaw

On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem...

4CVSS4.9AI score0.00842EPSS
Exploits0References1Affected Software11
Cvelist
Cvelist
added 2018/07/24 3:0 p.m.17 views

CVE-2017-3209 The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user

The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. The DBPower U818A WIFI quadcopter drone runs an FTP server that by default allows anonymous access without a password, and provides full filesystem...

8.2AI score0.01203EPSS
Exploits0References3
NVD
NVD
added 2018/04/04 8:29 p.m.8 views

CVE-2018-1002150

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1...

9.1CVSS9.3AI score0.01667EPSS
Exploits0References2
CVE
CVE
added 2017/09/20 2:0 p.m.60 views

CVE-2017-8770

CVE-2017-8770 affects the BE126 WIFI repeater (1.0). A crafted getpage parameter allows local file disclosure, enabling an attacker to read the device’s entire filesystem. Public details in connected records confirm a Local File Disclosure vulnerability with proofs of concept (e.g., LFI via getpa...

7.8CVSS7.3AI score0.10292EPSS
Exploits3References2Affected Software1
RedHat Linux
RedHat Linux
added 2017/08/01 2:13 p.m.2 views

Kernel: fs: umount denial of service

The doumount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAPSYSADMIN capability for doremountsb calls that change the root filesystem to read-only, which allows local users to cause a denial of service loss of writability by making certain unshare system calls...

5.5CVSS6.6AI score0.00461EPSS
Exploits0References4
CNVD
CNVD
added 2017/06/26 12:0 a.m.4 views

Cisco Prime Collaboration Provisioning Arbitrary File Download Vulnerability

Cisco Prime Collaboration is a comprehensive video and voice service assurance and management system. A security vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool allows an unauthenticated, remote attacker to download arbitrary files and read files within the...

6.5CVSS7AI score0.02992EPSS
Exploits0References1
OSV
OSV
added 2017/01/27 12:0 a.m.6 views

UBUNTU-CVE-2017-5011

Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page...

6.5CVSS7AI score0.01494EPSS
Exploits0References4
Rows per page
Query Builder