CWE-538
Insertion of Sensitive Information into Externally-Accessible File or Directory
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
CVE-2014-0771 (GCVE-0-2014-0771)
Vulnerability from cvelistv5 – Published: 2014-04-12 01:00 – Updated: 2025-09-19 19:15
VLAI?
Summary
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“OpenUrlToBuffer.” This method takes a URL as a parameter and returns
its contents to the caller in JavaScript. The URLs are accessed in the
security context of the current browser session. The control does not
perform any URL validation and allows “file://” URLs that access the
local disk.
The method can be used to open a URL (including file URLs) and read
file URLs through JavaScript. This method could also be used to reach
any arbitrary URL to which the browser has access.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP’s Zero Day Initiative (ZDI)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WebAccess",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP\u2019s Zero Day Initiative (ZDI)"
}
],
"datePublic": "2014-04-08T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\u003c/p\u003e\u003cp\u003eThe BWOCXRUN.BwocxrunCtrl.1 control contains a method named \n\u201cOpenUrlToBuffer.\u201d This method takes a URL as a parameter and returns \nits contents to the caller in JavaScript. The URLs are accessed in the \nsecurity context of the current browser session. The control does not \nperform any URL validation and allows \u201cfile://\u201d URLs that access the \nlocal disk.\u003c/p\u003e\n\u003cp\u003eThe method can be used to open a URL (including file URLs) and read \nfile URLs through JavaScript. This method could also be used to reach \nany arbitrary URL to which the browser has access.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The BWOCXRUN.BwocxrunCtrl.1 control contains a method named \n\u201cOpenUrlToBuffer.\u201d This method takes a URL as a parameter and returns \nits contents to the caller in JavaScript. The URLs are accessed in the \nsecurity context of the current browser session. The control does not \nperform any URL validation and allows \u201cfile://\u201d URLs that access the \nlocal disk.\n\n\nThe method can be used to open a URL (including file URLs) and read \nfile URLs through JavaScript. This method could also be used to reach \nany arbitrary URL to which the browser has access."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T19:15:27.669Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"
},
{
"name": "66740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66740"
},
{
"url": "http://webaccess.advantech.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAdvantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/downloads.php?item=software\"\u003ehttp://webaccess.advantech.com/downloads.php?item=software\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor additional information about WebAccess, please visit the following Advantech web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/\"\u003ehttp://webaccess.advantech.com/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Advantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:\u00a0 http://webaccess.advantech.com/downloads.php?item=software \n\nFor additional information about WebAccess, please visit the following Advantech web site:\u00a0 http://webaccess.advantech.com/"
}
],
"source": {
"advisory": "ICSA-14-079-03",
"discovery": "EXTERNAL"
},
"title": "Advantech WebAccess File and Directory Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
},
{
"name": "66740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0771",
"datePublished": "2014-04-12T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T19:15:27.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0772 (GCVE-0-2014-0772)
Vulnerability from cvelistv5 – Published: 2014-04-12 01:00 – Updated: 2025-09-19 19:19
VLAI?
Summary
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
OpenUrlToBufferTimeout. This method takes a URL as a parameter and
returns its contents to the caller in JavaScript. The URLs are accessed
in the security context of the current browser session. The control does
not perform any URL validation and allows file:// URLs that access the
local disk.
The method can be used to open a URL (including file URLs) and read
the URLs through JavaScript. This method could also be used to reach any
arbitrary URL to which the browser has access.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP’s Zero Day Initiative (ZDI)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WebAccess",
"vendor": "Advantech",
"versions": [
{
"lessThanOrEqual": "7.1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrea Micalizzi, aka rgod, Tom Gallagher, and an independent anonymous researcher working with HP\u2019s Zero Day Initiative (ZDI)"
}
],
"datePublic": "2014-04-08T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\n\n\n\n\n\n\n\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\n\u003cp\u003eThe BWOCXRUN.BwocxrunCtrl.1 control contains a method named \nOpenUrlToBufferTimeout. This method takes a URL as a parameter and \nreturns its contents to the caller in JavaScript. The URLs are accessed \nin the security context of the current browser session. The control does\n not perform any URL validation and allows file:// URLs that access the \nlocal disk.\u003c/p\u003e\n\u003cp\u003eThe method can be used to open a URL (including file URLs) and read \nthe URLs through JavaScript. This method could also be used to reach any\n arbitrary URL to which the browser has access.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The BWOCXRUN.BwocxrunCtrl.1 control contains a method named \nOpenUrlToBufferTimeout. This method takes a URL as a parameter and \nreturns its contents to the caller in JavaScript. The URLs are accessed \nin the security context of the current browser session. The control does\n not perform any URL validation and allows file:// URLs that access the \nlocal disk.\n\n\nThe method can be used to open a URL (including file URLs) and read \nthe URLs through JavaScript. This method could also be used to reach any\n arbitrary URL to which the browser has access."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T19:19:40.873Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03"
},
{
"name": "66740",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66740"
},
{
"url": "http://webaccess.advantech.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAdvantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/downloads.php?item=software\"\u003ehttp://webaccess.advantech.com/downloads.php?item=software\u003c/a\u003e\u003c/p\u003e\u003cp\u003eFor additional information about WebAccess, please visit the following Advantech web site:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://webaccess.advantech.com/\"\u003ehttp://webaccess.advantech.com/\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Advantech has created a new version (Version 7.2) that mitigates each\n of the vulnerabilities described above. Users may download this version\n from the following location at their web site:\u00a0 http://webaccess.advantech.com/downloads.php?item=software \n\nFor additional information about WebAccess, please visit the following Advantech web site:\u00a0 http://webaccess.advantech.com/"
}
],
"source": {
"advisory": "ICSA-14-079-03",
"discovery": "EXTERNAL"
},
"title": "Advantech WebAccess File and Directory Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-079-03"
},
{
"name": "66740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0772",
"datePublished": "2014-04-12T01:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2025-09-19T19:19:40.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-15056 (GCVE-0-2016-15056)
Vulnerability from cvelistv5 – Published: 2025-11-14 22:49 – Updated: 2025-11-18 16:19
VLAI?
Summary
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request 'Configuration_file.cfg' directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device.
Severity ?
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubee Interactive | Ubee EVW3226 |
Affected:
0 , ≤ 1.0.20
(semver)
|
Credits
Gergely Eberhardt of Search-Lab.hu
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-15056",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T16:19:29.257566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T16:19:32.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40156"
},
{
"tags": [
"exploit"
],
"url": "https://seclists.org/fulldisclosure/2016/Jul/66"
},
{
"tags": [
"exploit"
],
"url": "https://web.archive.org/web/20160726145043/http://www.search-lab.hu/advisories/122-ubee-evw3226-modem-router-multiple-vulnerabilities"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Ubee EVW3226",
"vendor": "Ubee Interactive",
"versions": [
{
"lessThanOrEqual": "1.0.20",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ubee:ubee_evw3226:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.0.20",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gergely Eberhardt of Search-Lab.hu"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request \u0027Configuration_file.cfg\u0027 directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device."
}
],
"value": "Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request \u0027Configuration_file.cfg\u0027 directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-16T13:33:16.365Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/40156"
},
{
"tags": [
"exploit"
],
"url": "https://seclists.org/fulldisclosure/2016/Jul/66"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://web.archive.org/web/20160726145043/http://www.search-lab.hu/advisories/122-ubee-evw3226-modem-router-multiple-vulnerabilities"
},
{
"tags": [
"product"
],
"url": "https://web.archive.org/web/20160403014231/http://www.ubeeinteractive.com/products/cable/evw3226"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ubee-evw3226-unauthenticated-backup-file-disclosure"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2016-07-25T16:00:00.000Z",
"value": "ExploitDB-40156 is publicly disclosed."
}
],
"title": "Ubee EVW3226 Unauthenticated Backup File Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2016-15056",
"datePublished": "2025-11-14T22:49:58.179Z",
"dateReserved": "2025-11-14T21:18:32.204Z",
"dateUpdated": "2025-11-18T16:19:32.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-16770 (GCVE-0-2017-16770)
Vulnerability from cvelistv5 – Published: 2018-02-27 15:00 – Updated: 2024-09-16 19:30
VLAI?
Summary
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user's sensitive files via the filename parameter.
Severity ?
No CVSS data available.
CWE
- CWE-538 - File and Directory Information Exposure (CWE-538)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Synology | Surveillance Station |
Affected:
before 8.1.2-5469
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:20.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_77"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Surveillance Station",
"vendor": "Synology",
"versions": [
{
"status": "affected",
"version": "before 8.1.2-5469"
}
]
}
],
"datePublic": "2017-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user\u0027s sensitive files via the filename parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "File and Directory Information Exposure (CWE-538)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-27T14:57:01",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_77"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2017-12-12T00:00:00",
"ID": "CVE-2017-16770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Surveillance Station",
"version": {
"version_data": [
{
"version_value": "before 8.1.2-5469"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain other user\u0027s sensitive files via the filename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "File and Directory Information Exposure (CWE-538)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_17_77",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_77"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2017-16770",
"datePublished": "2018-02-27T15:00:00Z",
"dateReserved": "2017-11-10T00:00:00",
"dateUpdated": "2024-09-16T19:30:32.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9947 (GCVE-0-2017-9947)
Vulnerability from cvelistv5 – Published: 2017-10-23 00:00 – Updated: 2024-08-05 17:25
VLAI?
Summary
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.
Severity ?
No CVSS data available.
CWE
- CWE-538 - File and Directory Information Exposure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5 |
Affected:
APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:25:00.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101248",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101248"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5"
}
]
}
],
"datePublic": "2017-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: File and Directory Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-28T00:00:00",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"name": "101248",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/101248"
},
{
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
},
{
"url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2017-9947",
"datePublished": "2017-10-23T00:00:00",
"dateReserved": "2017-06-26T00:00:00",
"dateUpdated": "2024-08-05T17:25:00.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4847 (GCVE-0-2018-4847)
Vulnerability from cvelistv5 – Published: 2018-04-23 16:00 – Updated: 2024-09-17 02:57
VLAI?
Summary
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue.
Severity ?
No CVSS data available.
CWE
- CWE-538 - File and Directory Information Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens AG | SIMATIC WinCC OA Operator iOS App |
Affected:
All versions < V1.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:18:26.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103941",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103941"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC WinCC OA Operator iOS App",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.4"
}
]
}
],
"datePublic": "2018-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions \u003c V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app\u0027s directory. Siemens provides mitigations to resolve the security issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: File and Directory Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T16:57:01",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"name": "103941",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103941"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-04-18T00:00:00",
"ID": "CVE-2018-4847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC OA Operator iOS App",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.4"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions \u003c V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app\u0027s directory. Siemens provides mitigations to resolve the security issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-538: File and Directory Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103941"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2018-4847",
"datePublished": "2018-04-23T16:00:00Z",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-09-17T02:57:39.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12623 (GCVE-0-2019-12623)
Vulnerability from cvelistv5 – Published: 2019-08-21 18:00 – Updated: 2024-11-21 19:16
VLAI?
Summary
A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system.
Severity ?
4.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software |
Affected:
unspecified , < 3.12.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:39.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190821 Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-enumeration"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-12623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T18:57:18.789302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:16:15.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Enterprise NFV Infrastructure Software",
"vendor": "Cisco",
"versions": [
{
"lessThan": "3.12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T18:00:17",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190821 Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-enumeration"
}
],
"source": {
"advisory": "cisco-sa-20190821-nfv-enumeration",
"defect": [
[
"CSCvp99184"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-08-21T16:00:00-0700",
"ID": "CVE-2019-12623",
"STATE": "PUBLIC",
"TITLE": "Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Enterprise NFV Infrastructure Software",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "3.12.1"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web server functionality of Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform file enumeration on an affected system. The vulnerability is due to the web server responding with different error codes for existing and non-existing files. An attacker could exploit this vulnerability by sending GET requests for different file names. A successful exploit could allow the attacker to enumerate files residing on the system."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-538"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190821 Cisco Enterprise Network Functions Virtualization Infrastructure Software File Enumeration Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-nfv-enumeration"
}
]
},
"source": {
"advisory": "cisco-sa-20190821-nfv-enumeration",
"defect": [
[
"CSCvp99184"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-12623",
"datePublished": "2019-08-21T18:00:17.724597Z",
"dateReserved": "2019-06-04T00:00:00",
"dateUpdated": "2024-11-21T19:16:15.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15793 (GCVE-0-2019-15793)
Vulnerability from cvelistv5 – Published: 2020-04-23 23:55 – Updated: 2024-09-16 16:58
VLAI?
Summary
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
Severity ?
6.5 (Medium)
CWE
- CWE-538 - File and Directory Information Exposure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ubuntu | Shiftfs in the Linux kernel |
Affected:
5.3.0-11.12 , < 5.3 kernel*
(custom)
Affected: 5.0 kernel , < 5.0.0-35.38 (custom) |
Credits
Jann Horn of Google Project Zero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.425Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4183-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4184-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=3644b9d5688da86f18e017c9c580b75cf52927bb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shiftfs in the Linux kernel",
"vendor": "Ubuntu",
"versions": [
{
"changes": [
{
"at": "5.3.0-22.24",
"status": "unaffected"
}
],
"lessThan": "5.3 kernel*",
"status": "affected",
"version": "5.3.0-11.12",
"versionType": "custom"
},
{
"lessThan": "5.0.0-35.38",
"status": "affected",
"version": "5.0 kernel",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jann Horn of Google Project Zero"
}
],
"datePublic": "2019-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 File and Directory Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T23:55:24",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4183-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4184-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=3644b9d5688da86f18e017c9c580b75cf52927bb"
}
],
"source": {
"defect": [
"https://bugs.launchpad.net/bugs/1850867"
],
"discovery": "EXTERNAL"
},
"title": "Mishandling of file-system uid/gid with namespaces in shiftfs",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-11-12 18:00:00 UTC",
"ID": "CVE-2019-15793",
"STATE": "PUBLIC",
"TITLE": "Mishandling of file-system uid/gid with namespaces in shiftfs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shiftfs in the Linux kernel",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "5.3 kernel",
"version_value": "5.3.0-11.12"
},
{
"version_affected": "\u003c",
"version_name": "5.3 kernel",
"version_value": "5.3.0-22.24"
},
{
"version_affected": "\u003c",
"version_name": "5.0 kernel",
"version_value": "5.0.0-35.38"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jann Horn of Google Project Zero"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-538 File and Directory Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/usn/usn-4183-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4183-1"
},
{
"name": "https://usn.ubuntu.com/usn/usn-4184-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4184-1"
},
{
"name": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=3644b9d5688da86f18e017c9c580b75cf52927bb",
"refsource": "MISC",
"url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/eoan/commit/?id=3644b9d5688da86f18e017c9c580b75cf52927bb"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/bugs/1850867"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-15793",
"datePublished": "2020-04-23T23:55:24.581625Z",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-09-16T16:58:57.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6851 (GCVE-0-2019-6851)
Vulnerability from cvelistv5 – Published: 2019-10-29 14:55 – Updated: 2024-08-04 20:31
VLAI?
Summary
A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol.
Severity ?
No CVSS data available.
CWE
- CWE-538 - File and Directory Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions) |
Affected:
Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:31:04.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: File and Directory Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T14:55:35",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2019-6851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)",
"version": {
"version_data": [
{
"version_value": "Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-538: File and Directory Information Exposure vulnerability exists in Modicon M580, Modicon M340, Modicon Premium , Modicon Quantum (all firmware versions), which could cause the disclosure of information from the controller when using TFTP protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-538: File and Directory Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-281-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2019-6851",
"datePublished": "2019-10-29T14:55:35",
"dateReserved": "2019-01-25T00:00:00",
"dateUpdated": "2024-08-04T20:31:04.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7618 (GCVE-0-2019-7618)
Vulnerability from cvelistv5 – Published: 2019-10-01 17:52 – Updated: 2024-08-04 20:54
VLAI?
Summary
A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user.
Severity ?
No CVSS data available.
CWE
- CWE-538 - File and Directory Information Exposure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Elastic | Elastic Code |
Affected:
7.3.0, 7.3.1, and 7.3.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://staging-website.elastic.co/community/security"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Elastic Code",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "7.3.0, 7.3.1, and 7.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: File and Directory Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-01T17:52:42",
"orgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"shortName": "elastic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://staging-website.elastic.co/community/security"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2019-7618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elastic Code",
"version": {
"version_data": [
{
"version_value": "7.3.0, 7.3.1, and 7.3.2"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-538: File and Directory Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://staging-website.elastic.co/community/security",
"refsource": "MISC",
"url": "https://staging-website.elastic.co/community/security"
},
{
"name": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "271b6943-45a9-4f3a-ab4e-976f3fa05b5a",
"assignerShortName": "elastic",
"cveId": "CVE-2019-7618",
"datePublished": "2019-10-01T17:52:42",
"dateReserved": "2019-02-07T00:00:00",
"dateUpdated": "2024-08-04T20:54:28.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Operation, System Configuration
Description:
- Do not expose file and directory information to the user.
CAPEC-95: WSDL Scanning
This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.