Lucene search
K

223 matches found

BDU FSTEC
BDU FSTEC
added 2024/01/22 12:0 a.m.6 views

The vulnerability of the Filesystem component in Oracle Solaris allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Filesystem component in Oracle Solaris is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

3.8CVSS6.3AI score0.00194EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2024/01/19 8:15 p.m.16 views

Design/Logic Flaw

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

5CVSS7.4AI score0.03152EPSS
Exploits2References3Affected Software1
Debian CVE
Debian CVE
added 2024/01/10 4:3 p.m.16 views

CVE-2023-45139

fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...

7.5CVSS7.6AI score0.01228EPSS
Exploits1
OSV
OSV
added 2023/11/01 4:33 a.m.2 views

SUSE-SU-2023:4329-1 Security update for slurm

This update for slurm fixes the following issues: - CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. bsc1216207...

7CVSS6.9AI score0.00196EPSS
Exploits0References4
OSV
OSV
added 2023/10/17 10:15 p.m.5 views

CVE-2023-22128

Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via rquota to compromise Oracle Solaris. Successful attacks require human...

3.1CVSS5.8AI score0.00341EPSS
Exploits0References1
NVD
NVD
added 2023/08/16 10:15 p.m.18 views

CVE-2023-20197

A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...

7.5CVSS7.4AI score0.00883EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2023/08/16 9:43 p.m.30 views

CVE-2023-20197

A vulnerability in the filesystem image parser for Hierarchical File System Plus HFS+ of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is...

7.5CVSS7.4AI score0.00883EPSS
Exploits0
Prion
Prion
added 2023/07/13 2:15 a.m.23 views

Path traversal

Improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root...

6.5CVSS8.6AI score0.42911EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2023/06/26 11:15 p.m.20 views

CVE-2023-30945

Multiple Services such as VHSVideo History Server and VCDVideo Clip Distributor and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesyst...

9.8CVSS9.7AI score0.00726EPSS
Exploits0References1
Prion
Prion
added 2023/05/18 3:15 a.m.20 views

Input validation

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker cou...

4CVSS6.5AI score0.00839EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/05/09 6:15 p.m.23 views

CVE-2023-31472

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied...

7.5CVSS7.8AI score0.19884EPSS
Exploits1References2
Prion
Prion
added 2023/05/09 6:15 p.m.20 views

Command injection

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied...

5CVSS7.8AI score0.19884EPSS
Exploits1References2Affected Software32
NVD
NVD
added 2023/05/09 4:15 p.m.21 views

CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...

7.5CVSS7.7AI score0.00804EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/05/09 12:0 a.m.21 views

CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...

7.9AI score0.00804EPSS
Exploits1References2
Prion
Prion
added 2023/04/19 8:15 p.m.17 views

Design/Logic Flaw

In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262892...

4CVSS6.6AI score0.0009EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/03/30 12:0 a.m.7 views

The vulnerability of the ntfs_read_mft() function in the kernel module fs/ntfs3/inode.c of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the ntfsreadmft function in the fs/ntfs3/inode.c file of the Linux kernel is related to the lack of checks for valid attribute sizes. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.8CVSS6.5AI score0.00266EPSS
Exploits0References23Affected Software4
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.4 views

SUSE CVE-2021-38203

btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service deadlock via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system spaceinfo...

5.5CVSS6.2AI score0.00365EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.2 views

SUSE CVE-2022-3621

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfsbmaplookupatlevel of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is...

4.3CVSS5.8AI score0.01218EPSS
Exploits0References28
Veracode
Veracode
added 2023/02/12 3:47 p.m.21 views

Arbitrary File Deletion

github.com/pterodactyl/wingso is vulnerable to Arbitrary File Deletion. A remote authenticated attacker is able to delete files and directories recursively on the host system via the vulnerable Delete function of filesystem.go. This vulnerability can further be exploited to overwrite existing fil...

9.6CVSS8AI score0.00956EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/01/18 2:31 p.m.29 views

CVE-2022-45103

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to read arbitrary files on the underlying file system...

6.5CVSS6.5AI score0.00743EPSS
Exploits0References1
Rows per page
Query Builder