Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Flexense Subscribe
Filtered by product Diskboss
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-5262 1 Flexense 1 Diskboss 2020-08-24 10.0 HIGH 9.8 CRITICAL
A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.
CVE-2018-5261 1 Flexense 1 Diskboss 2019-10-02 4.3 MEDIUM 8.1 HIGH
An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the authentication credentials, to any man-in-the-middle (MiTM) listener.
CVE-2018-10294 1 Flexense 1 Diskboss 2018-06-04 4.3 MEDIUM 6.1 MEDIUM
Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS.
CVE-2017-7310 1 Flexense 3 Diskboss, Disksorter, Syncbreeze 2018-03-07 6.8 MEDIUM 7.8 HIGH
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
CVE-2017-15665 1 Flexense 1 Diskboss 2018-02-01 5.0 MEDIUM 7.5 HIGH
In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094.