Page 2 of 34 results (0.004 seconds)

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows authenticated user to read files Un problema de path traversal en el endpoint de API en M-Files Server anterior a la versión 24.8.13981.0 permite que un usuario autenticado lea archivos A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files • https://product.m-files.com/security-advisories/cve-2024-6789 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources. La condición de denegación de servicio en M-Files Server en versiones anteriores a 24.4.13592.4 y posteriores a 23.11 (excluyendo 24.2 LTS) permite a usuarios no autenticados consumir recursos informáticos. • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-4056 https://product.m-files.com/security-advisories/cve-2024-4056 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479 https://product.m-files.com/security-advisories/cve-2023-4479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users. La condición de denegación de servicio en M-Files Server en versiones anteriores a la 24.2 (excluyendo 23.2 SR7 y 23.8 SR5) permite a un usuario anónimo provocar una denegación de servicio contra otros usuarios anónimos. • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563 https://product.m-files.com/security-advisories/cve-2024-0563 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests. Un método API vulnerable en M-Files Server anterior a 23.12.13195.0 permite el consumo incontrolado de recursos. El atacante autenticado puede agotar el espacio de almacenamiento del servidor hasta el punto en que el servidor ya no pueda atender solicitudes. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-6910 https://product.m-files.com/security-advisories/cve-2023-6910 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •