VYPR

SyncBreeze Enterprise

by Flexense

CVEs (6)

  • CVE-2018-6537CriFeb 2, 2018
    risk 0.64cvss 9.8epss 0.04

    A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.

  • CVE-2017-17996HigFeb 6, 2018
    risk 0.58cvss 8.8epss 0.05

    A buffer overflow vulnerability in "Add command" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause termination of the…

  • CVE-2017-15950HigOct 31, 2017
    risk 0.54cvss 7.8epss 0.06

    Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive…

  • CVE-2017-15664HigJan 10, 2018
    risk 0.52cvss 7.5epss 0.09

    In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121.

  • CVE-2017-17099HigDec 3, 2017
    risk 0.52cvss 7.8epss 0.12

    There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that…

  • CVE-2018-10563MedMay 2, 2018
    risk 0.40cvss 6.1epss 0.01

    An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7).