390 matches found

Prion
added 2020/06/17 5:15 p.m. | 11 views

Design/Logic Flaw

In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames...

CVSS 5 | AI score 7.5 | EPSS 0.01071
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/06/17 4:10 p.m. | 20 views

CVE-2019-9944

In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames...

AI score 7.5 | EPSS 0.01071
Exploits 0 | References 1

RedHat Linux
added 2020/04/28 3:59 p.m. | 6 views

samba: smb client vulnerable to filenames containing path separators

A flaw was found in the samba client where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working...

CVSS 6.5 | AI score 7.3 | EPSS 0.03515
Exploits 0 | References 5

RedhatCVE
added 2020/04/07 11:36 a.m. | 30 views

CVE-2018-9159

In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...

CVSS 5.3 | AI score 5.1 | EPSS 0.046
Exploits 0 | References 1

OSV
added 2019/12/13 3:15 p.m. | 3 views

CVE-2019-5251

There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information...

CVSS 5.5 | AI score 6.1
Exploits 0 | References 1

OSV
added 2019/11/20 11:50 a.m. | 7 views

SUSE-SU-2019:3019-1 Security update for the Linux Kernel (Live Patch 9 for SLE 12 SP4)

This update for the Linux Kernel 4.12.14-9537 fixes one issue. The following security issue was fixed: - CVE-2019-10220: Added sanity checks on the pathnames passed to the user space bsc1153108...

CVSS 9.3 | AI score 8.5 | EPSS 0.05123
Exploits 0 | References 3

OSV
added 2019/11/13 7:15 p.m. | 2 views

CVE-2019-16951

A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amou...

CVSS 5.3 | AI score 6.2
Exploits 0 | References 1

Tenable Nessus
added 2019/11/13 12:00 a.m. | 59 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2953-1)

The SUSE Linux Enterprise 15-SP1 Azure Kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine...

CVSS 9.8 | AI score 7.2 | EPSS 0.06652
Exploits 2 | References 154

OSV
added 2019/11/12 6:12 p.m. | 8 views

SUSE-SU-2019:2950-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-12207: Untrusted virtual machines on Intel CPUs could exploit a race condition in the Instruction Fetch Unit of the Intel CPU to cause a Machine Excepti...

CVSS 10 | AI score 8.9 | EPSS 0.98745
Exploits 23 | References 90

Prion
added 2019/11/06 10:15 a.m. | 24 views

Design/Logic Flaw

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this...

CVSS 4.3 | AI score 5.6 | EPSS 0.03515
Exploits 0 | References 9 | Affected Software 2

Ubuntu
added 2019/10/29 3:28 p.m. | 91 views

USN-4167-2: Samba vulnerabilities

USN-4167-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecti...

CVSS 6.5 | AI score 6.3 | EPSS 0.03515
Exploits 1

CNVD
added 2019/10/29 12:00 a.m. | 1 views

Unspecified vulnerability in Samba (CNVD-2019-39841)

Samba is a set of free software from the Samba team that enables UNIX series operating systems to connect to the SMB/CIFS network protocol of Microsoft Windows operating systems. The program supports sharing printers, transferring data files to each other, and so on. A security vulnerability exis...

CVSS 6.5 | AI score 6.8 | EPSS 0.03515
Exploits 0 | References 1

RedhatCVE
added 2019/10/24 7:21 a.m. | 16 views

CVE-2019-17400

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion...

CVSS 7.5 | AI score 2.6 | EPSS 0.01927
Exploits 1 | References 3

CNVD
added 2019/10/22 12:00 a.m. | 1 views

unoconv package code issue vulnerability

The unoconv package is a software package for document format conversion. A code issue vulnerability exists in versions of the unoconv package prior to 0.9, which stems from unoconv failing to properly handle untrustworthy pathnames. No details of the vulnerability are provided at...

CVSS 7.5 | AI score 7 | EPSS 0.01927
Exploits 1 | References 1

OSV
added 2019/10/21 11:15 p.m. | 8 views

CVE-2019-17400

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion...

CVSS 7.5 | AI score 6.9
Exploits 0 | References 2

OSV
added 2019/10/21 11:15 p.m. | 1 views

DEBIAN-CVE-2019-17400

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion...

CVSS 7.5 | AI score 7.2 | EPSS 0.01927
Exploits 1 | References 1

OSV
added 2019/10/21 11:15 p.m. | 0 views

UBUNTU-CVE-2019-17400

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion...

CVSS 7.5 | AI score 7.1 | EPSS 0.01927
Exploits 1 | References 4

PyPA
added 2019/10/21 11:15 p.m. | 5 views

PYSEC-2019-213

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion...

CVSS 7.5 | AI score 6.7 | EPSS 0.01927
Exploits 1 | References 3 | Affected Software 1

UbuntuCve
added 2019/10/21 11:15 p.m. | 12 views

CVE-2019-17400

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion...

CVSS 7.5 | AI score 7.1 | EPSS 0.01927
Exploits 1 | References 3

OSV
added 2019/10/21 11:15 p.m. | 15 views

PYSEC-2019-213

The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion...

CVSS 7.5 | AI score 2.6 | EPSS 0.01927
Exploits 1 | References 3