Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

sphinx

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2022-2838
Assigner-Eclipse Foundation
ShareView Details
Assigner-Eclipse Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.63%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 10:10
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-sphinxEclipse Sphinx
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2020-29050
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.30%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 06:02
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.

Action-Not Available
Vendor-sphinxsearchn/aDebian GNU/Linux
Product-debian_linuxsphinxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-14511
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 70.46%
||
7 Day CHG~0.00%
Published-22 Aug, 2019 | 12:26
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).

Action-Not Available
Vendor-sphinxsearchn/a
Product-sphinxn/a
CWE ID-CWE-306
Missing Authentication for Critical Function