CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-5277

Malware in sbrugna...

5.5CVSS6.5AI score0.00234EPSS

Exploits1References5

Microsoft CVE•added 2025/09/04 4:54 a.m.•2 views

OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.

...

7.8CVSS7AI score0.01035EPSS

Exploits4

Openbugbounty•added 2023/04/10 8:51 p.m.•11 views

fls-frieling.de Cross Site Scripting vulnerability OBB-3257298

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score

Exploits0

Exploit DB•added 2023/04/03 12:0 a.m.•152 views

sleuthkit 4.11.1 - Command Injection

Exploit Title: sleuthkit 4.11.1 - Command Injection Date: 2023-01-20 CVE-2022-45639 Vendor Homepage: https://github.com/sleuthkit Vulnerability Type: Command injection Attack Type: Local Version: 4.11.1 Exploit Author: Dino Barlattani, Giuseppe Granato Link poc:...

7.8CVSS7.7AI score0.01035EPSS

Exploits4

0day.today•added 2023/04/03 12:0 a.m.•198 views

sleuthkit 4.11.1 - Command Injection Exploit

Exploit Title: sleuthkit 4.11.1 - Command Injection CVE-2022-45639 Vendor Homepage: https://github.com/sleuthkit Vulnerability Type: Command injection Attack Type: Local Version: 4.11.1 Exploit Author: Dino Barlattani, Giuseppe Granato Link poc: https://www.binaryworld.it/guidepoc.aspCVE-2022-456...

7.8CVSS7.8AI score0.01035EPSS

Exploits4

Packet Storm•added 2023/04/03 12:0 a.m.•216 views

Sleuthkit 4.11.1 Command Injection

7.8CVSS7.6AI score0.01035EPSS

Exploits4

SUSE CVE•added 2023/02/15 4:40 a.m.•3 views

SUSE CVE-2017-13760

In The Sleuth Kit TSK 4.4.2, fls hangs on a corrupt exfat image in tskimgread in tsk/img/imgio.c in libtskimg.a...

5.5CVSS6.6AI score0.00234EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 4:4 a.m.•1 views

SUSE CVE-2019-1010065

The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfsdent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfscattraverse in lines: 952, 1062. The attack...

6.5CVSS6.8AI score0.01155EPSS

Exploits0References3

Veracode•added 2023/01/25 2:38 a.m.•57 views

Information Disclosure

opensearch is vulnerable to Information Disclosure. The vulnerability exists because the excluded fields are not correctly applied for specific queries in the Field-level security FLS with .keyword fields , allowing an attacker to gain read access to indexes through the restricted fields...

6.5CVSS6.2AI score0.00354EPSS

Exploits0References5Affected Software1

OSV•added 2023/01/24 8:54 p.m.•33 views

GHSA-V3CG-7R9H-R2G6 Field-level security issue with .keyword fields in OpenSearch

Advisory title: Field-level security issue with .keyword fields Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 Patched versions: OpenSearch 1.3.8 and 2.5.0 Impact: There is an issue in the implementation of field-level security FLS and field masking where rules written to explicitly...

5.7CVSS5.9AI score0.00354EPSS

Exploits0References4

Github Security Blog•added 2023/01/24 8:54 p.m.•35 views

Field-level security issue with .keyword fields in OpenSearch

6.5CVSS6AI score0.00354EPSS

Exploits0References4Affected Software1

OSV•added 2023/01/24 8:33 p.m.•13 views

CVE-2023-23613 Field-level security issue with .keyword fields in OpenSearch

OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security FLS and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their...

5.7CVSS6.5AI score0.00354EPSS

Exploits0References4

Debian CVE•added 2023/01/24 8:33 p.m.•17 views

CVE-2023-23613

6.5CVSS6.5AI score0.00354EPSS

Exploits0

OSV•added 2023/01/24 2:15 a.m.•4 views

CVE-2022-45639

7.8CVSS7.9AI score0.01035EPSS

Exploits4References3

CVE•added 2023/01/24 12:0 a.m.•156 views

CVE-2022-45639

SLEUTHKIT: CVE-2022-45639 affects the fls tool (SleuthKit) 4.11.1, enabling OS command injection via a crafted value to the -m parameter. The vulnerability stems from the handling of the input in the m field, potentially allowing an attacker to execute arbitrary commands on the host when run loca...

7.8CVSS8AI score0.01035EPSS

Exploits4References3Affected Software1

Positive Technologies•added 2023/01/24 12:0 a.m.•2 views

PT-2023-14727 · Sleuth Kit · Sleuthkit

Name of the Vulnerable Software and Affected Versions: sleuthkit fls tool version 4.11.1 Description: The issue allows attackers to execute arbitrary commands via a crafted value to the m parameter. This is an OS Command injection vulnerability. Note that there is a dispute regarding the impact o...

7.8CVSS8.3AI score0.01035EPSS

Exploits4References9

Vulnrichment•added 2023/01/24 12:0 a.m.•5 views

CVE-2022-45639

8.3AI score0.01035EPSS

Exploits4References3

CNNVD•added 2023/01/24 12:0 a.m.•1 views

sleuthkit fls 操作系统命令注入漏洞

sleuthkit fls is a collection of data forensics tools from Brian Carrier's personal developer. An operating system command injection vulnerability exists in sleuthkit fls version 4.11.1, which stems from the presence of an operating system command injection vulnerability that allows an attacker t...

7.8CVSS7.8AI score0.01035EPSS

Exploits4References5