CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Aug 2022 — In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities, allowing the injection of arbitrary definitions that can access local files and expose their contents via HTTP requests. • https://bugs.eclipse.org/580542 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

07 Jan 2022 — SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx. • https://blog.wirhabenstil.de/2019/08/19/sphinxsearch-0-0-0-09306-cve-2019-14511 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Aug 2019 — Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, exposing it to the internet (unless it is filtered by a firewall or reconfigured to listen on 127.0.0.1 only). • http://sphinxsearch.com/docs/sphinx3.html#getting-started-on-linux-and-macos • CWE-306: Missing Authentication for Critical Function