Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for everything by voidtools
CVE-2025-12683 (GCVE-0-2025-12683)
Vulnerability from cvelistv5 – Published: 2025-11-04 04:23 – Updated: 2025-11-04 20:50
VLAI?
Title
NULL DACL assigned to Named Pipe communicating with SYSTEM Service
Summary
The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalation(only if chained with other elements) for a local low privilege user.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Voidtools | Everything |
Affected:
=<1.4.1.1029
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T20:50:11.686277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T20:50:21.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.voidtools.com/",
"defaultStatus": "unaffected",
"modules": [
"Named Pipe"
],
"packageName": "Everything",
"product": "Everything",
"vendor": "Voidtools",
"versions": [
{
"status": "affected",
"version": "=\u003c1.4.1.1029"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdul Mhanni"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalation(only if chained with other elements) for a local low privilege user.\u003cbr\u003e"
}
],
"value": "The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalation(only if chained with other elements) for a local low privilege user."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T11:09:22.312Z",
"orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
"shortName": "Gridware"
},
"references": [
{
"url": "https://www.voidtools.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL DACL assigned to Named Pipe communicating with SYSTEM Service",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
"assignerShortName": "Gridware",
"cveId": "CVE-2025-12683",
"datePublished": "2025-11-04T04:23:02.884Z",
"dateReserved": "2025-11-04T04:10:20.302Z",
"dateUpdated": "2025-11-04T20:50:21.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-27704 (GCVE-0-2023-27704)
Vulnerability from cvelistv5 – Published: 2023-04-12 00:00 – Updated: 2025-02-10 15:57
VLAI?
Summary
Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:36.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.voidtools.com/en-us/downloads/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/happy0717/CVE-2023-27704"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27704",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T15:56:56.471021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T15:57:00.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing"
},
{
"url": "https://www.voidtools.com/en-us/downloads/"
},
{
"url": "https://github.com/happy0717/CVE-2023-27704"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-27704",
"datePublished": "2023-04-12T00:00:00.000Z",
"dateReserved": "2023-03-05T00:00:00.000Z",
"dateUpdated": "2025-02-10T15:57:00.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20784 (GCVE-0-2021-20784)
Vulnerability from cvelistv5 – Published: 2021-07-14 01:20 – Updated: 2024-12-03 01:14
VLAI?
Summary
HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product.
Severity ?
6.1 (Medium)
CWE
- CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| voidtools | Everything |
Affected:
all versions of 1.0 (Everything 1.0 series) except the Lite version
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.voidtools.com/downloads/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.voidtools.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN68971465/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Everything",
"vendor": "voidtools",
"versions": [
{
"status": "affected",
"version": "all versions of 1.0 (Everything 1.0 series) except the Lite version"
}
]
},
{
"product": "Everything",
"vendor": "voidtools",
"versions": [
{
"status": "affected",
"version": "all versions of 1.1 (Everything 1.1 series) except the Lite version"
}
]
},
{
"product": "Everything",
"vendor": "voidtools",
"versions": [
{
"status": "affected",
"version": "all versions of 1.2 (Everything 1.2 series) except the Lite version"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T01:14:05.653Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.voidtools.com/downloads/"
},
{
"url": "https://www.voidtools.com/"
},
{
"url": "https://jvn.jp/en/jp/JVN68971465/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20784",
"datePublished": "2021-07-14T01:20:29.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-12-03T01:14:05.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24567 (GCVE-0-2020-24567)
Vulnerability from cvelistv5 – Published: 2020-08-21 02:26 – Updated: 2024-08-04 15:19 Disputed
VLAI?
Summary
voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:07.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cymaera.com/articles/everything.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T02:26:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cymaera.com/articles/everything.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cymaera.com/articles/everything.html",
"refsource": "MISC",
"url": "https://www.cymaera.com/articles/everything.html"
},
{
"name": "https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509",
"refsource": "MISC",
"url": "https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24567",
"datePublished": "2020-08-21T02:26:29.000Z",
"dateReserved": "2020-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:19:07.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12683 (GCVE-0-2025-12683)
Vulnerability from nvd – Published: 2025-11-04 04:23 – Updated: 2025-11-04 20:50
VLAI?
Title
NULL DACL assigned to Named Pipe communicating with SYSTEM Service
Summary
The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalation(only if chained with other elements) for a local low privilege user.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Voidtools | Everything |
Affected:
=<1.4.1.1029
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T20:50:11.686277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T20:50:21.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.voidtools.com/",
"defaultStatus": "unaffected",
"modules": [
"Named Pipe"
],
"packageName": "Everything",
"product": "Everything",
"vendor": "Voidtools",
"versions": [
{
"status": "affected",
"version": "=\u003c1.4.1.1029"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdul Mhanni"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalation(only if chained with other elements) for a local low privilege user.\u003cbr\u003e"
}
],
"value": "The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalation(only if chained with other elements) for a local low privilege user."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T11:09:22.312Z",
"orgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
"shortName": "Gridware"
},
"references": [
{
"url": "https://www.voidtools.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL DACL assigned to Named Pipe communicating with SYSTEM Service",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b7efe717-a805-47cf-8e9a-921fca0ce0ce",
"assignerShortName": "Gridware",
"cveId": "CVE-2025-12683",
"datePublished": "2025-11-04T04:23:02.884Z",
"dateReserved": "2025-11-04T04:10:20.302Z",
"dateUpdated": "2025-11-04T20:50:21.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-27704 (GCVE-0-2023-27704)
Vulnerability from nvd – Published: 2023-04-12 00:00 – Updated: 2025-02-10 15:57
VLAI?
Summary
Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).
Severity ?
5.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:36.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.voidtools.com/en-us/downloads/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/happy0717/CVE-2023-27704"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27704",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T15:56:56.471021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T15:57:00.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing"
},
{
"url": "https://www.voidtools.com/en-us/downloads/"
},
{
"url": "https://github.com/happy0717/CVE-2023-27704"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-27704",
"datePublished": "2023-04-12T00:00:00.000Z",
"dateReserved": "2023-03-05T00:00:00.000Z",
"dateUpdated": "2025-02-10T15:57:00.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20784 (GCVE-0-2021-20784)
Vulnerability from nvd – Published: 2021-07-14 01:20 – Updated: 2024-12-03 01:14
VLAI?
Summary
HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product.
Severity ?
6.1 (Medium)
CWE
- CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| voidtools | Everything |
Affected:
all versions of 1.0 (Everything 1.0 series) except the Lite version
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.voidtools.com/downloads/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.voidtools.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN68971465/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Everything",
"vendor": "voidtools",
"versions": [
{
"status": "affected",
"version": "all versions of 1.0 (Everything 1.0 series) except the Lite version"
}
]
},
{
"product": "Everything",
"vendor": "voidtools",
"versions": [
{
"status": "affected",
"version": "all versions of 1.1 (Everything 1.1 series) except the Lite version"
}
]
},
{
"product": "Everything",
"vendor": "voidtools",
"versions": [
{
"status": "affected",
"version": "all versions of 1.2 (Everything 1.2 series) except the Lite version"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-644",
"description": "Improper Neutralization of HTTP Headers for Scripting Syntax",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T01:14:05.653Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.voidtools.com/downloads/"
},
{
"url": "https://www.voidtools.com/"
},
{
"url": "https://jvn.jp/en/jp/JVN68971465/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20784",
"datePublished": "2021-07-14T01:20:29.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-12-03T01:14:05.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24567 (GCVE-0-2020-24567)
Vulnerability from nvd – Published: 2020-08-21 02:26 – Updated: 2024-08-04 15:19 Disputed
VLAI?
Summary
voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:07.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cymaera.com/articles/everything.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T02:26:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cymaera.com/articles/everything.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cymaera.com/articles/everything.html",
"refsource": "MISC",
"url": "https://www.cymaera.com/articles/everything.html"
},
{
"name": "https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509",
"refsource": "MISC",
"url": "https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24567",
"datePublished": "2020-08-21T02:26:29.000Z",
"dateReserved": "2020-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:19:07.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2023-27704
Vulnerability from fkie_nvd - Published: 2023-04-12 14:15 - Updated: 2025-02-10 16:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| voidtools | everything | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:voidtools:everything:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBDE8734-9ADD-410F-82A0-107D4DC3567A",
"versionEndExcluding": "1.4.1.1022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS)."
}
],
"id": "CVE-2023-27704",
"lastModified": "2025-02-10T16:15:36.343",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-12T14:15:07.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/happy0717/CVE-2023-27704"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.voidtools.com/en-us/downloads/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://drive.google.com/drive/folders/1BmHAGSugrFo0whDEmg6nnbaOkvE21X-p?usp=sharing"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/happy0717/CVE-2023-27704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.voidtools.com/en-us/downloads/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-20784
Vulnerability from fkie_nvd - Published: 2021-07-14 02:15 - Updated: 2024-12-03 02:15
Severity ?
Summary
HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN68971465/ | ||
| vultures@jpcert.or.jp | https://www.voidtools.com/ | Vendor Advisory | |
| vultures@jpcert.or.jp | https://www.voidtools.com/downloads/ | Product, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN68971465/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.voidtools.com/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.voidtools.com/downloads/ | Product, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| voidtools | everything | * | |
| voidtools | everything | * | |
| voidtools | everything | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:voidtools:everything:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54ED65DC-1DED-4D08-85C0-CB2F6011AA5C",
"versionEndExcluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:voidtools:everything:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6DC1904-72E3-4FB3-A304-678A31B12AF6",
"versionEndExcluding": "1.2",
"versionStartIncluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:voidtools:everything:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D356F0-BA1E-4003-9CAD-4BC94F678B2B",
"versionEndExcluding": "1.3",
"versionStartIncluding": "1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de encabezado HTTP en Everything todas las versiones, excepto la versi\u00f3n Lite, puede permitir a un atacante remoto inyectar un script arbitrario o alterar el sitio web que usa el producto por medio de vectores no especificados"
}
],
"id": "CVE-2021-20784",
"lastModified": "2024-12-03T02:15:16.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-14T02:15:07.577",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "https://jvn.jp/en/jp/JVN68971465/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.voidtools.com/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.voidtools.com/downloads/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN68971465/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.voidtools.com/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "https://www.voidtools.com/downloads/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-644"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-24567
Vulnerability from fkie_nvd - Published: 2020-08-21 03:15 - Updated: 2024-11-21 05:15
Severity ?
Summary
voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.cymaera.com/articles/everything.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cymaera.com/articles/everything.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| voidtools | everything | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:voidtools:everything:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36D7145D-383F-4784-ADFF-2FF3CD42667D",
"versionEndExcluding": "1.4.1.990",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error"
},
{
"lang": "es",
"value": "** EN DISPUTA ** voidtools Everything en versiones anteriores a la 1.4.1 Beta Nightly 18-08-2018 permite la escalada de privilegios mediante un archivo urlmon.dll de caballo de Troya en el directorio de instalaci\u00f3n. NOTA: esto s\u00f3lo es relevante si los usuarios con pocos privilegios pueden escribir en el directorio de instalaci\u00f3n, lo que puede considerarse un error de configuraci\u00f3n espec\u00edfico del sitio."
}
],
"id": "CVE-2020-24567",
"lastModified": "2024-11-21T05:15:00.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-21T03:15:11.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cymaera.com/articles/everything.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.cymaera.com/articles/everything.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.voidtools.com/forum/viewtopic.php?p=32509#p32509"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
JVNDB-2021-000067
Vulnerability from jvndb - Published: 2021-07-09 14:40 - Updated:2021-07-09 14:40
Severity ?
Summary
voidtools "Everything" vulnerable to HTTP header injection
Details
The HTTP server of Everything provided by voidtools contains an HTTP header injection vulnerability (CWE-644).
Kusano Kazuhiko reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000067.html",
"dc:date": "2021-07-09T14:40+09:00",
"dcterms:issued": "2021-07-09T14:40+09:00",
"dcterms:modified": "2021-07-09T14:40+09:00",
"description": "The HTTP server of Everything provided by voidtools contains an HTTP header injection vulnerability (CWE-644).\r\n\r\nKusano Kazuhiko reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000067.html",
"sec:cpe": {
"#text": "cpe:/a:voidtools:everything",
"@product": "Everything",
"@vendor": "voidtools",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000067",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN68971465/index.html",
"@id": "JVN#68971465",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20784",
"@id": "CVE-2021-20784",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20784",
"@id": "CVE-2021-20784",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "voidtools \"Everything\" vulnerable to HTTP header injection"
}