Lucene search
K

77 matches found

Adobe
Adobe
added 2024/09/10 12:0 a.m.40 views

APSB24-55 : Security update available for Adobe After Effects

Adobe has released an update for Adobe After Effects for Windows and macOS. This update addresses critical, important and moderate security vulnerabilities. Successful exploitation could lead to arbitrary code execution, memory leak and arbitrary file system write in the context of the current us...

8.1AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/09/10 12:0 a.m.29 views

Adobe After Effects < 23.6.9 / 24.0 < 24.6 Multiple Vulnerabilities (APSB24-55)

The version of Adobe After Effects installed on the remote Windows host is prior to 23.6.9, 24.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB24-55 advisory. - After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability...

7.8CVSS6.5AI score0.00324EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/04/19 12:0 a.m.6 views

PT-2024-5138

Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on...

6.5CVSS6.7AI score0.00395EPSS
Exploits0References127
CNNVD
CNNVD
added 2024/04/10 12:0 a.m.9 views

Traccar 代码问题漏洞

Traccar is a Java-based website builder that provides GPS tracking functionality from Traccar Inc. in the United States. The software supports more than 170 GPS protocols and more than 1500 models of GPS tracking devices.Traccar can be used with any major SQL database system . It also provides an...

9.6CVSS9.3AI score0.17631EPSS
Exploits5References5
OSV
OSV
added 2024/03/06 10:58 a.m.15 views

BIT-MAGENTO-2021-28584 Magento Commerce path traversal vulnerability in child theme store creation

Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required...

7.2CVSS6.6AI score0.0178EPSS
Exploits0References2
ICS
ICS
added 2023/08/08 12:0 a.m.64 views

Siemens RUGGEDCOM CROSSBOW

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

9.8CVSS9.2AI score0.0216EPSS
Exploits1References12
OSV
OSV
added 2023/06/14 4:37 p.m.15 views

GHSA-WM5G-P99Q-66G4 elFinder vulnerable to path traversal in LocalVolumeDriver connector

Impact Path Traversal vulnerability in PHP LocalVolumeDriver connector. This vulnerability can be exploited by allowing untrusted users to write to the local file system. This issue was caused by incomplete validity checking of the supplied request parameters. That problem has been fixed in...

7.5CVSS6.4AI score0.01936EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/12/05 12:0 a.m.6 views

AVG Technologies AVG Antivirus 安全漏洞

AVG Technologies AVG Antivirus is a suite of antivirus software from the Czech company AVG Technologies. A security vulnerability exists in AVG Technologies AVG Antivirus prior to version 22.10, which originates from a vulnerability that allows an attacker with file system write privileges to...

8.8CVSS8.2AI score0.00681EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.5 views

PT-2022-18227 · WordPress · Import Any Xml/Csv File To Wordpress

Name of the Vulnerable Software and Affected Versions: Import any XML or CSV File to WordPress plugin versions prior to 3.6.9 Description: The issue allows highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path...

7.2CVSS7AI score0.03187EPSS
Exploits2References5
NVD
NVD
added 2022/10/14 8:15 p.m.24 views

CVE-2022-38424

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...

7.2CVSS0.45159EPSS
Exploits0References1
Prion
Prion
added 2022/10/14 8:15 p.m.18 views

Path traversal

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...

5.8CVSS6.8AI score0.45159EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/14 7:42 p.m.9 views

CVE-2022-38424 Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...

7.2CVSS6.8AI score0.45159EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/10/14 7:42 p.m.25 views

CVE-2022-38424 Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write

Adobe ColdFusion versions Update 14 and earlier and Update 4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, bu...

7.2CVSS7.7AI score0.45159EPSS
Exploits0References1
Adobe
Adobe
added 2022/10/11 12:0 a.m.28 views

APSB22-44: Security updates available for ColdFusion

Adobe has released security updates for ColdFusion versions 2021 and 2018. These updates resolve Critical, Important and Moderate vulnerabilities that could lead to arbitrary code execution, arbitrary file system write, security feature bypass and privilege escalation...

7.4AI score
Exploits0
OSV
OSV
added 2022/06/15 7:15 p.m.6 views

CVE-2022-31219

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation o...

7.8CVSS5.9AI score0.00303EPSS
Exploits0References1
Adobe
Adobe
added 2022/06/14 12:0 a.m.49 views

APSB22-25 : Security update available for Adobe Bridge

Adobe has released a security update for Adobe Bridge. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution, arbitrary file system write and memory leak...

6.9AI score
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 7:6 p.m.25 views

Magento Path Traversal vulnerability

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is...

7.2CVSS6.8AI score0.0178EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2022/05/24 7:6 p.m.13 views

GHSA-7GPV-XRJR-F5H4 Magento Path Traversal vulnerability

Magento versions 2.4.2 and earlier, 2.4.1-p1 and earlier and 2.3.6-p1 and earlier are affected by a Path Traversal vulnerability when creating a store with child theme.Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is...

5.4CVSS6.8AI score0.0178EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/04/14 4:15 p.m.5 views

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

7CVSS6.8AI score0.00518EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/14 12:0 a.m.5 views

Amazon AWS VPN Client 安全漏洞

Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com, Inc. A security vulnerability exists in Amazon AWS VPN Client for Windows version 2.0.0, which stems from the disclosure of a user's Net-NTLMv2 hash when importing VPN configuration files. information, an attacke...

7CVSS6.8AI score0.00518EPSS
Exploits1References3
Rows per page
Query Builder