8 matches found
CVE-2018-5262
DiskBoss Enterprise 8.8.16 and earlier contains a stack-based buffer overflow in the web server that allows a remote attacker to execute arbitrary code with high privileges. Public records (CVE-2018-5262) describe remote code execution via improper bounds checking; various sources cite exploit sa...
CVE-2017-7310
CVE-2017-7310 is a buffer overflow in the Import Command of Flexense products (SyncBreeze Enterprise, Disk Sorter Enterprise Client, DiskBoss Enterprise Client, DiskPulse, DiskSavvy, DupScout, VX Search) prior to version 10.6 (DiskPulse/DupScout/Sync Breeze variants noted in multiple advisories)....
CVE-2017-15665
In CVE-2017-15665, Flexense DiskBoss Enterprise 8.5.12 has a Denial of Service vulnerability in the Control Protocol. The issue is triggered by a crafted SERVER_GET_INFO packet sent to the control port 8094, leading to availability impact. The NVD entry reports CVSS v3.0 base metrics: Network att...
CVE-2018-10294
Flexense DiskBoss Enterprise (versions 7.4.28–9.1.16) is affected by a cross-site scripting (XSS) vulnerability. The CVE entry CVE-2018-10294 is supported by multiple connected sources (CNVD-2018-09174, CVE records, and Packet Storm disclosures) indicating a remote XSS in DiskBoss Enterprise. Impa...
CVE-2018-5261
Flexense DiskBoss 8.8.16 and earlier has a vulnerability where plaintext data from the handshake is used as input for the encryption key for the rest of the session, allowing a man-in-the-middle to access sensitive information such as authentication credentials. Source reports include NVD and CNV...
CVE-2020-36882
Flexense DiskBoss 7.7.14 is affected by CVE-2020-36882. An unauthenticated attacker can upload arbitrary files through the Directory field in the /Command/Search Files/ API endpoint, causing a denial of service via application crash. The vulnerability is tied to the DiskBoss software (Flexense)...
CVE-2020-36880
CVE-2020-36880 affects Flexense DiskBoss 7.7.14. The vulnerability is described as a local buffer overflow in the 'Reports and Data Directory' field that can allow an attacker to execute arbitrary code on the affected system. The connected documents consistently identify this vulnerability and i...
CVE-2020-36881
Flexense DiskBoss 7.7.14 contains a local buffer overflow in the Input Directory component. An unauthenticated attacker can craft a directory path via the Add Input Directory field to execute arbitrary code on the system. The CVE entry notes high impact (code execution) with local attack vector ...