Lucene search
K

35 matches found

CNNVD
CNNVD
added 2023/04/14 12:0 a.m.5 views

LIVEBOX Collaboration vDesk 加密问题漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk version v018 and prior versions, which stems from /api/v1/vencrypt/decrypt/file A cryptographic issue may occur...

6.5CVSS6.4AI score0.00444EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2023/02/03 8:0 a.m.4 views

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially

...

7.8CVSS7.1AI score0.00282EPSS
Exploits0
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.36 views

Robustel R1510 操作系统命令注入漏洞

The Robustel R1510 is an industrial VPN router from Robustel China.The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be subject to a command injection vulnerability in the...

9.8CVSS6AI score0.04251EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/03/16 12:0 a.m.6 views

The vulnerability of Google Chrome’s File API interface allows attackers to circumvent security restrictions.

The vulnerability of the Google Chrome browser’s File API relates to the use of an uninitialized resource. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially created HTML page...

9.3CVSS7.7AI score0.01496EPSS
Exploits1References11Affected Software7
OSV
OSV
added 2021/12/23 1:15 a.m.1 views

DEBIAN-CVE-2021-4057

Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.6AI score0.02073EPSS
Exploits0References1
OSV
OSV
added 2021/12/23 1:15 a.m.2 views

UBUNTU-CVE-2021-4057

Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.02073EPSS
Exploits0References2
OSV
OSV
added 2021/06/04 6:15 p.m.1 views

UBUNTU-CVE-2021-30515

Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.01201EPSS
Exploits1References2
CNVD
CNVD
added 2021/01/14 12:0 a.m.2 views

flatCore Information Disclosure Vulnerability

flatCore is a lightweight content management system CMS based on PHP and SQLite. An information disclosure vulnerability exists in flatCore CMS prior to version 2.0.0 build 139, which stems from a local file disclosure vulnerability found in the program's docsfile acp interface's HTTP request bod...

4.9CVSS5.9AI score0.0168EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/01/13 12:0 a.m.6 views

flatCore 输入验证错误漏洞

flatCore is a lightweight content management system CMS based on PHP and SQLite. An information disclosure vulnerability exists in flatCore CMS prior to version 2.0.0 build 139, which stems from a local file disclosure vulnerability found in the program's docsfile acp interface's HTTP request bod...

4.9CVSS5.8AI score0.0168EPSS
Exploits2References5
Microsoft CVE
Microsoft CVE
added 2018/11/13 8:0 a.m.33 views

Microsoft Outlook Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center. A malicious user could potentially share anonymously-accessible links to other users via email where these links are intended to b...

6.5CVSS6.4AI score0.05585EPSS
Exploits0
CNVD
CNVD
added 2018/03/15 12:0 a.m.4 views

SAP BASIS Directory Traversal Vulnerability

SAP BASIS is a role engaged in sap system administration. Mainly responsible for sap system planning, installation, configuration, management, monitoring, maintenance, tuning, etc.. A security vulnerability exists in the ABAP File Interface in SAP BASIS that stems from the program's failure to...

8.8CVSS6.8AI score0.0191EPSS
Exploits0References1
OSV
OSV
added 2018/03/01 5:29 p.m.5 views

CVE-2018-2367

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...

8.8CVSS5.8AI score0.0191EPSS
Exploits0References3
Prion
Prion
added 2018/03/01 5:29 p.m.19 views

Input validation

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...

6.5CVSS8.5AI score0.0191EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/03/01 5:29 p.m.20 views

CVE-2018-2367

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file API...

8.8CVSS8.6AI score0.0191EPSS
Exploits0References3
CVE
CVE
added 2018/03/01 5:0 p.m.48 views

CVE-2018-2367

The CVE affects SAP BASIS ABAP File Interface (v7.00–7.02, 7.10–7.11, 7.30–7.31, 7.40, 7.50–7.52). The root cause is insufficient validation of user-provided path information, allowing directory traversal characters to propagate to the file APIs. This could enable an attacker to access arbitrary ...

8.8CVSS8.4AI score0.0191EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder