Lucene search

Vx Search Security Vulnerabilities

cve

CVE-2017-13708

Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request.

9.8CVSS

9.6AI Score

0.047EPSS

2017-08-31 02:29 PM

cve

CVE-2017-15220

Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.

9.8CVSS

9.9AI Score

0.071EPSS

2017-10-11 01:29 PM

cve

CVE-2017-15662

In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.

7.5CVSS

7.3AI Score

0.014EPSS

2018-01-10 06:29 PM

cve

CVE-2018-10567

XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7.

6.1CVSS

5.9AI Score

0.001EPSS

2018-05-02 09:29 PM

cve

CVE-2023-24671

VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file.

7.8CVSS

8.5AI Score

0.0004EPSS

2023-03-16 12:15 PM