23 matches found

Ubuntu
added 2026/04/22 6:4 p.m. | 13 views

USN-8199-1: OpenStack Glance vulnerabilities

Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2024-32498 Hyeongeun Ji and Abhishek Keka...

CVSS 7.1 | AI score 5.9 | EPSS 0.00835
Exploits: 1

EUVD
added 2025/10/10 10:55 p.m. | 6 views

EUVD-2025-33798

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool...

CVSS 9.9 | AI score 6.5 | EPSS 0.11853
Exploits: 1 | References: 6

RedhatCVE
added 2025/05/22 8:53 p.m. | 3 views

CVE-2021-37126

Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause the directory is traversed...

CVSS 7.5 | AI score 7.1 | EPSS 0.00828
Exploits: 0 | References: 1

SUSE CVE
added 2025/04/12 3:29 a.m. | 4 views

SUSE CVE-2025-32395

Vite is a frontend tooling framework for JavaScript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. HTTP 1.1 spec RFC 9112 does not allow in request-target. Although an attacker can sen...

CVSS 6 | AI score 6.9 | EPSS 0.01736
Exploits: 2 | References: 3

OSV
added 2025/04/11 2:6 p.m. | 2 views

GHSA-356W-63V5-8WF4 Vite has an `server.fs.deny` bypass with an invalid `request-target`

Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. Impact Only apps with the following conditions are affected. - explicitly exposing the Vite dev server to the network using --host or server.host config option - running the Vite de...

CVSS 6 | AI score 6.7 | EPSS 0.01736
Exploits: 2 | References: 4

Veracode
added 2025/02/05 1:27 a.m. | 10 views

Arbitrary File Exposure

@vitest/browser is vulnerable to Arbitrary File Exposure. The vulnerability is due to the screenshot-error handler on the browser mode HTTP server improperly responding with any file on the file system when browser.api.host: true is set, allowing remote attackers to access arbitrary files...

CVSS 7.5 | AI score 7.3 | EPSS 0.02317
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2024/11/07 12:27 p.m. | 6 views

USN-6882-2 cinder regression

USN-6882-1 fixed vulnerabilities in Cinder. The update caused a regression in certain environments due to incorrect privilege handling. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Martin Kaesberger discovered that Cinder incorrectly handled QCOW2...

CVSS 6.5 | AI score 7.2 | EPSS 0.01025
Exploits: 1 | References: 3

Veracode
added 2024/09/20 10:52 a.m. | 18 views

Local File Inclusion (LFI)

vite is vulnerable to arbitrary file exposure. The vulnerability is due to improper enforcement of file access restrictions in the @fs mechanism, allowing attackers to bypass the allow list by adding ?import to the URL and retrieving the contents of arbitrary files...

CVSS 4.8 | AI score 5.1 | EPSS 0.0103
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2024/09/17 6:44 p.m. | 3 views

GHSA-9CWX-2883-4WFX Vite's `server.fs.deny` is bypassed when using `?import&raw`

Summary The contents of arbitrary files can be returned to the browser. Details @fs denies access to files outside of Vite serving allow list. Adding ?import&raw to the URL bypasses this limitation and returns the file content if it exists. PoC sh $ npm create vite@latest $ cd vite-project/ $ npm...

CVSS 6.9 | AI score 5.9 | EPSS 0.0103
Exploits: 0 | References: 8

CNNVD
added 2023/10/14 12:0 a.m. | 3 views

IBM Security Directory Server Path Traversal Vulnerability

IBM Security Directory Server is a suite of enterprise identity management software from International Business Machines IBM that uses the Lightweight Directory Access Protocol LDAP. The software provides a trusted identity data infrastructure for authentication. A security vulnerability exists i...

CVSS 7.5 | AI score 6.7 | EPSS 0.01172
Exploits: 0 | References: 4

NCSC
added 2023/10/03 12:0 a.m. | 6 views

Vulnerability fixed in IBM License Metric Tool

A vulnerability has been fixed in IBM License Metric Tool. A malicious party can send a specially crafted URL request with "dot dot" strings /../ to send arbitrary files on the system. IBM has released updates to fix the vulnerability. More information can be found on the page below:...

CVSS 7.5 | AI score 6.8 | EPSS 0.00816
Exploits: 0

Prion
added 2022/09/02 7:15 a.m. | 18 views

Race condition

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

CVSS 1 | AI score 4.7 | EPSS 0.00593
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/01/03 10:15 p.m. | 1 view

CVE-2021-37126

Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause the directory is traversed...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

NVD
added 2022/01/03 10:15 p.m. | 17 views

CVE-2021-37126

Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause the directory is traversed...

CVSS 7.5 | EPSS 0.00828
Exploits: 0 | References: 1

OSV
added 2022/01/03 10:15 p.m. | 3 views

CVE-2021-37125

Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause confidentiality is affected...

CVSS 7.5 | AI score 7.1 | EPSS 0.00672
Exploits: 0 | References: 1

Prion
added 2022/01/03 10:15 p.m. | 14 views

Design/Logic Flaw

Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause the directory is traversed...

CVSS 5 | AI score 7.5 | EPSS 0.00828
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2022/01/03 10:15 p.m. | 19 views

Design/Logic Flaw

Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause confidentiality is affected...

CVSS 5 | AI score 7.3 | EPSS 0.00672
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/01/03 9:7 p.m. | 24 views

CVE-2021-37125

Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause confidentiality is affected...

AI score 7.5 | EPSS 0.00672
Exploits: 0 | References: 1

OSV
added 2019/03/27 2:29 p.m. | 3 views

DEBIAN-CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

CVSS 7.5 | AI score 7.1 | EPSS 0.98507
Exploits: 18 | References: 1

OSV
added 2019/03/27 2:29 p.m. | 6 views

UBUNTU-CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed...

CVSS 7.5 | AI score 7 | EPSS 0.98507
Exploits: 18 | References: 5