CVE-2022-49040

Buffer copy without checking size of input 'Classic Buffer Overflow' vulnerability in connection management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to crash the client via unspecified vectors...

CVE-2022-47488

In spipe drive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed...

CVE-2022-46282

Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,...

CVE-2022-38392

Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service device malfunction and system crash via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported produ...

CVE-2022-34866

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where...

CVE-2022-3421

An attacker can pre-create the /Applications/Google\ Drive.app/Contents/MacOS directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set i...

CVE-2021-23893

Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption DE prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer...

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

CVE-2021-20121

The Telus Wi-Fi Hub PRV65B444A-S-TS with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and...

CVE-2021-20870

Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier,...

CVE-2021-20153

Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user inserts a flash drive with a malicious...

CVE-2021-39433

A local file inclusion LFI vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user...

CVE-2021-42548

Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack...

CVE-2021-42546

Insufficient Input Validation in the search functionality of Wordpress plugin Use-Your-Drive prior to 1.18.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack...

CVE-2021-42257

checksmart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path the /dev/bus substring and a number, aka an unanchored regular expression...

CVE-2021-39373

Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure...

CVE-2020-5797

UNIX Symbolic Link Symlink Following in TP-Link Archer C9USV1180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router...

CVE-2020-28397

A vulnerability has been identified in SIMATIC Drive Controller family All versions V2 V2.5 V2.5 V21.9, TIM 1531 IRC incl. SIPLUS NET variants Version V2.1. Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program...

CVE-2020-15003

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user via the session API during shared Drive access...

CVE-2019-10943

A vulnerability has been identified in SIMATIC Drive Controller family All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = V20.8, SIMATIC S7-1200 CPU family incl. SIPL...