CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

CISA KEV Catalog•added 2022/03/25 12:0 a.m.•21 views

VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...

7.5CVSS7.5AI score0.95586EPSS

In wildExploits3

RedHat Linux•added 2021/08/11 6:21 p.m.•3 views

spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack

A flaw was found in spring-cloud-config in versions prior to 2.1.9 and 2.2.3. Applications are allowed to serve arbitrary configuration files through the spring-cloud-config-server module allowing an attacker to send a request using a specially crafted URL to create a directory traversal attack...

7.5CVSS7.4AI score0.95586EPSS

Exploits3References5

Vulnrichment•added 2020/06/02 4:50 p.m.•9 views

CVE-2020-5410 Directory Traversal with spring-cloud-config-server

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.8AI score0.95586EPSS

Exploits3References1

ATTACKERKB•added 2020/06/01 12:0 a.m.•41 views

CVE-2020-5410

7.5CVSS7.5AI score0.95586EPSS

In wildExploits3References2

RedhatCVE•added 2020/04/24 10:33 p.m.•21 views

CVE-2020-5405

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...

6.5CVSS5.4AI score0.68542EPSS

Exploits0References3

NVD•added 2020/03/05 7:15 p.m.•30 views

CVE-2020-5405

6.5CVSS6.5AI score0.68542EPSS

Exploits0References1

Prion•added 2020/03/05 7:15 p.m.•13 views

Directory traversal

4.3CVSS6.4AI score0.68542EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2019/05/13 8:25 a.m.•27 views

CVE-2019-3799

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...

6.5CVSS5.5AI score0.85295EPSS

Exploits6References3

Prion•added 2019/05/06 4:29 p.m.•21 views

Directory traversal

4.3CVSS6.6AI score0.85295EPSS

Exploits6References2Affected Software2

Veracode•added 2019/04/17 9:12 a.m.•25 views

Directory Traversal

spring-cloud-config-server is vulnerable to directory traversal. It is possible because an attacker can serve arbitrary configuration files to the sever through a malicious URL feed into spring-cloud-config-server module...

6.5CVSS6.7AI score0.85295EPSS

Exploits6References6Affected Software1

CVE•added 2017/11/15 6:0 p.m.•41 views

CVE-2014-3150

CVE-2014-3150 affects Livebox 1.1. Remote authenticated attackers can upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted JavaScript. The connected sources corroborate the vulnerability but do not provide detailed root cause, affected...

9CVSS8.1AI score0.01862EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by