Описание
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
Ссылки
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:flexense:diskboss:7.8.16:*:*:*:enterprise:*:*:*
cpe:2.3:a:flexense:disksorter:9.5.12:*:*:*:enterprise:*:*:*
cpe:2.3:a:flexense:syncbreeze:9.5.16:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 99%
0.86559
Высокий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-119
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
EPSS
Процентиль: 99%
0.86559
Высокий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-119