Page 6 of 47 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption for a scheduled job. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0384 https://product.m-files.com/security-advisories/cve-2023-0384 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0383 https://product.m-files.com/security-advisories/cve-2023-0383 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0382 https://product.m-files.com/security-advisories/cve-2023-0382 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-0213 https://product.m-files.com/security-advisories/cve-2023-0213 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. • https://www.m-files.com/about/trust-center/security-advisories/cve-2022-4862 https://product.m-files.com/security-advisories/cve-2022-4862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •