Lucene search
K

60 matches found

CVE
CVE
added 2024/08/15 2:24 p.m.284 views

CVE-2024-7262

Kingsoft WPS Office for Windows is affected by CVE-2024-7262 due to improper path validation in promecefpluginhost.exe. Versions 12.2.0.13110–12.2.0.16412 (exclusive) are exploitable via a weaponized, single-click embedded spreadsheet document that can load an arbitrary Windows library. Connected...

9.3CVSS7.5AI score0.01773EPSS
In wildExploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/08/15 12:0 a.m.27 views

CVE-2024-7262

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 exclusive on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive...

9.3CVSS6.9AI score0.01773EPSS
In wildExploits0References2
CNVD
CNVD
added 2024/07/19 12:0 a.m.7 views

LG Simple Editor Remote Code Execution Vulnerability (CNVD-2024-33686)

LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by failing to properly validate a user-supplied path before using it in ...

9.8CVSS7.7AI score0.01483EPSS
Exploits0References1
CNVD
CNVD
added 2024/07/19 12:0 a.m.8 views

LG Simple Editor Remote Code Execution Vulnerability (CNVD-2024-33689)

LG Simple Editor is a simple editor from Luckin LG Korea that creates new content by simplifying the process and instant playback on signage. LG Simple Editor suffers from a remote code execution vulnerability that is caused by failing to properly validate a user-supplied path before using it in ...

9.8CVSS7.7AI score0.67414EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.3 views

Pulse Secure Client 安全漏洞

Pulse Secure Client is a suite of client software from Pulse Secure USA for end devices that access the Pulse Secure gateway. A security vulnerability exists in Pulse Secure Client that stems from failure to properly validate a user-supplied path before using it in a file operation, allowing a...

7.8CVSS7.4AI score0.0097EPSS
Exploits0References2
NVD
NVD
added 2024/04/04 9:15 p.m.22 views

CVE-2024-30270

mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...

6.2CVSS6.6AI score0.27346EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2024/02/09 12:0 a.m.5 views

PT-2024-14223 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this issue, the existing authentication...

7.2CVSS7.8AI score0.02091EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/09/04 12:0 a.m.4 views

LG LED Assistant Path Traversal Vulnerability

LG LED Assistant is a software from Luckin LG Korea. It is used to set up LED lights. A security vulnerability exists in LG LED Assistant that originates from failure to properly validate a user-supplied path before using it in a file operation, allowing remote attackers to disclose information...

7.5CVSS6.5AI score0.01251EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/19 12:0 a.m.4 views

Keysight Technologies N6854A Geolocation server 代码问题漏洞

Keysight Technologies N6854A Geolocation server is a geolocation server from Keysight Technologies, Inc. A security vulnerability exists in Keysight Geolocation Server v2.4.2 and prior versions, which stems from improper path validation and allows an attacker to upload a specially crafted malicio...

7.8CVSS7.3AI score0.00239EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.4 views

Enterprise Distributed Technologies CompleteFTP Server 路径遍历漏洞

Enterprise Distributed Technologies CompleteFTP Server is a Windows-based SFTP SHH File Transfer Protocol server from Enterprise Distributed Technologies, Australia. A path traversal vulnerability exists in Enterprise Distributed Technologies CompleteFTP Server version v22.1.0, which arises from...

9.1CVSS7.8AI score0.77688EPSS
Exploits0References2
Prion
Prion
added 2020/03/30 10:15 p.m.16 views

Input validation

X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths or a leak of OS credentials to a remote system via crafted network packets. This could be used to execute arbitrary commands on the system...

10CVSS9.6AI score0.02353EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/03/30 9:31 p.m.69 views

CVE-2019-19606

X-Plane prior to 11.41 contains an OS command injection due to multiple improper path validations. A crafted network packet could cause reading/writing files to arbitrary paths and potentially leak credentials, enabling execution of arbitrary commands. Affected: X-Plane 11.x

10CVSS9.6AI score0.02353EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for yum-utils (EulerOS-SA-2018-1319)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS8.2AI score0.0571EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/09/04 2:3 p.m.100 views

Important: Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.3CVSS7.2AI score0.0571EPSS
Exploits0References5
NVD
NVD
added 2018/08/21 2:29 p.m.22 views

CVE-2018-14795

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files...

8.8CVSS7.9AI score0.02185EPSS
Exploits0References2
CNVD
CNVD
added 2018/08/21 12:0 a.m.4 views

Emerson Electric Deltav Path Traversal Vulnerability

Emerson Electric DeltaV is a digital automation system from Emerson Electric USA. The system offers I/O on-demand configuration, embedded intelligent control, and alarm panels. A path traversal vulnerability exists in Emerson Electric DeltaV, which stems from the program failing to properly...

8.8CVSS8.5AI score0.02185EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/08/02 12:0 a.m.129 views

RHEL 6 : yum-utils (RHSA-2018:2284)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2284 advisory. - yum-utils: reposync: improper path validation may lead to directory traversal CVE-2018-10897 Note that Nessus has not tested for this issue but has...

9.3CVSS7.6AI score0.0571EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/07/30 5:57 p.m.186 views

Important: Red Hat Security Advisory: yum-utils security update

An update for yum-utils is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.3CVSS7.1AI score0.0571EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/04/29 8:24 p.m.5 views

source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...

8.8CVSS5.7AI score0.02418EPSS
Exploits0References5
CNVD
CNVD
added 2018/01/23 12:0 a.m.4 views

NetGain Systems Enterprise Manager Information Disclosure Vulnerability (CNVD-2018-03264)

Netgain Enterprise Manager is a suite of IT asset monitoring and management software from NetGain Systems, Singapore. An information disclosure vulnerability in the org.apache.jsp.u.jsp.designer.script005fsamplesjsp servlet in NetGain Enterprise Manager version 7.2.730 build 1034 arises from a...

6.5CVSS6.1AI score0.03391EPSS
Exploits0References1
Rows per page
Query Builder