Lucene search
+L

99 matches found

NVD
NVD
added 2024/10/28 12:15 a.m.45 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

9.8CVSS0.98529EPSS
Exploits6References2
ATTACKERKB
ATTACKERKB
added 2024/10/28 12:0 a.m.65 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution. Recent assessments: sfewer-r7 at July 11, 2025 9:37am UTC reported: CVE-2024-50623 allows a remote unauthenticated...

9.8CVSS9.8AI score0.98529EPSS
In wildExploits8References2
Positive Technologies
Positive Technologies
added 2024/10/27 12:0 a.m.6 views

PT-2024-10294

Name of the Vulnerable Software and Affected Versions Cleo Harmony versions prior to 5.8.0.21 Cleo VLTrader versions prior to 5.8.0.21 Cleo LexiCom versions prior to 5.8.0.21 Description A critical vulnerability in Cleo's file transfer software is being actively exploited, allowing unauthenticate...

9.8CVSS10AI score0.98529EPSS
Exploits6References220
CNNVD
CNNVD
added 2024/10/27 12:0 a.m.3 views

Cleo多款产品 安全漏洞

Cleo LexiCom and others are products of Cleo, Inc.Cleo LexiCom is an integration platform.Cleo Harmony is a file integration solution.Cleo VLTrader is a secure hosted file transfer software. A security vulnerability exists in various Cleo products that stems from the inclusion of a JavaScript...

9.8CVSS9.7AI score0.98529EPSS
Exploits6References2
Cvelist
Cvelist
added 2024/10/27 12:0 a.m.25 views

CVE-2024-50623

In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution...

0.98529EPSS
Exploits6References1
CVE
CVE
added 2024/10/27 12:0 a.m.341 views

CVE-2024-50623

CVE-2024-50623 affects Cleo Harmony, Cleo VLTrader, and Cleo LexiCom prior to 5.8.0.21. It is an unrestricted file upload/download flaw that could lead to remote code execution. PoCs exist (e.g., GitHub exploits), and the recommended remediation is to upgrade to 5.8.0.21 or newer. Some connected ...

9.8CVSS9.1AI score0.98529EPSS
In wildExploits6References2Affected Software3
vulnersOsv
vulnersOsv
added 2022/11/10 12:1 p.m.5 views

a-poem (=0.12.3), active-wrapper (>=0.1.0 <=0.1.4) +167 more potentially affected by CVE-2022-42966 via cleo (>=0.6.8 <=1.0.0a5)

cleo PYPI version =0.6.8, =0.1.0, =0.1.3, =0.1.0, =0.1.1, =0.1.0, =0.1.0a0, =0.1.1.1, =0.1.0, =0.2.7, =0.0.465, =0.0.503 and more Source cves: CVE-2022-42966 Source advisory: OSV:GHSA-2P9H-CCW7-33GF...

7.5CVSS7AI score0.00909EPSS
Exploits1
OSV
OSV
added 2022/11/10 12:1 p.m.58 views

GHSA-2P9H-CCW7-33GF cleo is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...

5.9CVSS6.4AI score0.00909EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2022/11/10 12:1 p.m.21 views

cleo is vulnerable to Regular Expression Denial of Service (ReDoS)

An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...

7.5CVSS7.3AI score0.00909EPSS
Exploits1References7Affected Software1
Veracode
Veracode
added 2022/11/10 7:32 a.m.17 views

Regular Expression Denial Of Service (ReDoS)

cleo is vulnerable to regular expression denial of serviceReDoS attacks. A remote attacker is able to cause denial of service conditions via suppling a maliciously crafted input through the Table.setrows method in command.py...

7.5CVSS7AI score0.00909EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2022/11/09 8:15 p.m.8 views

PYSEC-2022-43178

An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...

7.5CVSS7AI score0.00909EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2022/11/09 8:15 p.m.6 views

a-poem (=0.12.3), active-wrapper (>=0.1.0 <=0.1.4) +167 more potentially affected by CVE-2022-42966 via cleo (>=0.6.8 <=1.0.0a5)

cleo PYPI version =0.6.8, =0.1.0, =0.1.3, =0.1.0, =0.1.1, =0.1.0, =0.1.0a0, =0.1.1.1, =0.1.0, =0.2.7, =0.0.465, =0.0.503 and more Source cves: CVE-2022-42966 Source advisory: OSV:PYSEC-2022-43178...

7.5CVSS7AI score0.00909EPSS
Exploits1
NVD
NVD
added 2022/11/09 8:15 p.m.27 views

CVE-2022-42966

An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...

7.5CVSS0.00909EPSS
Exploits1References1
OSV
OSV
added 2022/11/09 8:15 p.m.8 views

PYSEC-2022-43178

An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...

7.5CVSS7.5AI score0.00909EPSS
Exploits1References3
Prion
Prion
added 2022/11/09 8:15 p.m.16 views

Design/Logic Flaw

An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...

5CVSS7.5AI score0.00909EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/11/09 8:15 p.m.24 views

CVE-2022-42966

An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...

7.5CVSS7.1AI score0.00909EPSS
Exploits1References2
OSV
OSV
added 2022/11/09 8:15 p.m.3 views

UBUNTU-CVE-2022-42966

An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...

7.5CVSS7.2AI score0.00909EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/11/09 12:0 a.m.4 views

Cleo 安全漏洞

Cleo is used to create beautiful and testable command line interfaces. A security vulnerability exists in Cleo. An attacker could exploit this vulnerability to cause a denial of service...

7.5CVSS7.3AI score0.00909EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/11/09 12:0 a.m.5 views

CVE-2022-42966 Exponential ReDoS in cleo leads to denial of service

An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...

5.9CVSS6.8AI score0.00909EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/11/09 12:0 a.m.5 views

PT-2022-26685 · Pypi · Cleo

Name of the Vulnerable Software and Affected Versions: cleo affected versions not specified Description: An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package when an attacker is able to supply arbitrary input to the Table.set rows method...

7.5CVSS7.3AI score0.00909EPSS
Exploits1References13
Rows per page
Query Builder