
372 matches found

OSV
added 2022/01/11 8:15 p.m. | 3 views

CVE-2021-43973

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file...

CVSS 8.8 | AI score 6 | EPSS 0.01707
Exploits: 0 | References: 3

Cvelist
added 2021/11/10 1:55 a.m. | 18 views

CVE-2021-22870 Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. Th...

AI score 6.5 | EPSS 0.01098
Exploits: 0 | References: 3

CNVD
added 2021/09/24 12:0 a.m. | 22 views

IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2021-87025)

IBM Sterling File Gateway is a suite of file transfer software from IBM Corporation. The software integrates different file transfer activity centers and helps file-based data to be securely exchanged over the Internet. An information disclosure vulnerability exists in IBM Sterling File Gateway,...

CVSS 4.3 | AI score 1.5 | EPSS 0.00704
Exploits: 0 | References: 1

Github Security Blog
added 2021/09/14 8:25 p.m. | 48 views

Any storage file can be downloaded from p.sh if full server path is known

The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...

AI score 3.5
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2021/09/14 8:25 p.m. | 15 views

GHSA-2RH5-JVGX-PGW3 Any storage file can be downloaded from p.sh if full server path is known

The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...

AI score 7
Exploits: 0 | References: 3

OSV
added 2021/09/14 8:24 p.m. | 10 views

GHSA-GQCF-83RQ-GPFR Any storage file can be downloaded from p.sh if full server path is known

The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...

AI score 7
Exploits: 0 | References: 3

Github Security Blog
added 2021/09/14 8:24 p.m. | 37 views

Any storage file can be downloaded from p.sh if full server path is known

The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...

AI score 3.5
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2021/03/02 12:0 a.m. | 2 views

Microsoft Exchange Server Security Vulnerability

Exchange is a messaging and collaboration system that is a suite of e-mail service components from Microsoft. Microsoft Exchange Server Arbitrary File Write Vulnerability. An attacker can exploit this vulnerability to write a file to any path on the server after authenticating through the Exchang...

CVSS 7.8 | AI score 5.7 | EPSS 0.89509
Exploits: 3 | References: 3

OSV
added 2021/01/12 3:15 p.m. | 4 views

CVE-2020-4674

IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287...

CVSS 4.3 | AI score 5.8 | EPSS 0.00806
Exploits: 0 | References: 2

Cvelist
added 2021/01/12 2:45 p.m. | 10 views

CVE-2020-4674

IBM Workload Automation 9.5 stores the server path in URLs that could aid in further attacks against the system. IBM X-Force ID: 186287...

CVSS 4.3 | AI score 4.4 | EPSS 0.00806
Exploits: 0 | References: 2

CNVD
added 2020/11/23 12:0 a.m. | 19 views

libvips Information Disclosure Vulnerability

libvips is a demand-driven multi-threaded image processing library. libvips versions prior to 8.8.2 are vulnerable to an information disclosure. The vulnerability stems from imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips having uninitialized variables. An attacker could use this...

CVSS 5.3 | AI score 3.7 | EPSS 0.0198
Exploits: 1 | References: 1

OSV
added 2020/11/20 7:15 p.m. | 16 views

CVE-2020-20739

imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...

CVSS 5.3 | AI score 6.8
Exploits: 0 | References: 4

OSV
added 2020/11/20 7:15 p.m. | 1 views

DEBIAN-CVE-2020-20739

imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...

CVSS 5.3 | AI score 6.3 | EPSS 0.0198
Exploits: 1 | References: 1

NVD
added 2020/11/20 7:15 p.m. | 14 views

CVE-2020-20739

imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...

CVSS 5.3 | AI score 5.4 | EPSS 0.0198
Exploits: 1 | References: 4

OSV
added 2020/11/20 7:15 p.m. | 4 views

UBUNTU-CVE-2020-20739

imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...

CVSS 5.3 | AI score 6.8 | EPSS 0.0198
Exploits: 1 | References: 6

UbuntuCve
added 2020/11/20 7:15 p.m. | 17 views

CVE-2020-20739

imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...

CVSS 5.3 | AI score 6.8 | EPSS 0.0198
Exploits: 1 | References: 5

Cvelist
added 2020/11/20 6:16 p.m. | 20 views

CVE-2020-20739

imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...

AI score 5.3 | EPSS 0.0198
Exploits: 1 | References: 4

CVE
added 2020/11/20 6:16 p.m. | 112 views

CVE-2020-20739

CVE-2020-20739 affects VIPS (libvips) where im_vips2dz in libvips/deprecated/im_vips2dz.c uses an uninitialized variable, potentially leaking a remote server path or stack address. Multiple advisories reference VIPS and CVE-2020-20739 in the context of the upstream library and vendor updates. Deb...

CVSS 5.3 | AI score 5.3 | EPSS 0.0198
Exploits: 1 | References: 4 | Affected Software: 1

Debian CVE
added 2020/11/20 6:16 p.m. | 29 views

CVE-2020-20739

imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address...

CVSS 5.3 | AI score 6.3 | EPSS 0.0198
Exploits: 1

CNNVD
added 2020/11/20 12:0 a.m. | 8 views

libvips Security Vulnerability

libvips is a demand-driven multi-threaded image processing library. libvips versions prior to 8.8.2 are vulnerable to an information disclosure. The vulnerability stems from imvips2dz in /libvips/libvips/deprecated/imvips2dz.c in libvips having uninitialized variables. An attacker could use this...

CVSS 5.3 | AI score 6.8 | EPSS 0.0198
Exploits: 1 | References: 7