VYPR
Vendor

Flexense

Products
9
CVEs
50
Across products
56
Status
Private

Products

9

Recent CVEs

50
View all 50 CVEs →
  • CVE-2018-5262CriJan 12, 2018
    risk 0.70cvss 9.8epss 0.39

    A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.

  • CVE-2017-14980CriOct 10, 2017
    risk 0.68cvss 9.8epss 0.22

    Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.

  • CVE-2017-6416CriMar 6, 2017
    risk 0.68cvss 9.8epss 0.11

    An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.

  • CVE-2017-15220CriOct 11, 2017
    risk 0.67cvss 9.8epss 0.07

    Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.

  • CVE-2025-34108HigJul 15, 2025
    risk 0.65cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the login functionality of Disk Pulse Enterprise version 9.0.34. An attacker can send a specially crafted HTTP POST request to the /login endpoint with an overly long username parameter, causing a buffer overflow in the…

  • CVE-2018-6537CriFeb 2, 2018
    risk 0.64cvss 9.8epss 0.04

    A buffer overflow vulnerability in the control protocol of Flexense SyncBreeze Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9121.

  • CVE-2017-17996HigFeb 6, 2018
    risk 0.58cvss 8.8epss 0.05

    A buffer overflow vulnerability in "Add command" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause termination of the…

  • CVE-2017-7310HigMar 29, 2017
    risk 0.58cvss 7.8epss 0.54

    A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML…

  • CVE-2023-53873HigDec 15, 2025
    risk 0.57cvss epss 0.00

    SyncBreeze 15.2.24 contains a denial of service vulnerability in the login authentication mechanism that allows attackers to crash the service. Attackers can send an oversized password parameter with repeated 'password=' values to overwhelm the login endpoint and potentially…

  • CVE-2018-5359HigJan 23, 2018
    risk 0.56cvss 8.1epss 0.09

    The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow.

  • CVE-2025-59901HigJan 28, 2026
    risk 0.55cvss epss 0.00

    Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send malicious content to an…

  • CVE-2020-36879HigDec 5, 2025
    risk 0.55cvss epss 0.00

    Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a…

  • CVE-2017-15950HigOct 31, 2017
    risk 0.54cvss 7.8epss 0.06

    Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive…

  • CVE-2018-5261HigFeb 2, 2018
    risk 0.53cvss 8.1epss 0.00

    An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due to the usage of plaintext information from the handshake as input for the encryption key used for the encryption of the rest of the session, the server and client disclose sensitive information, such as the…

  • CVE-2017-15663HigJan 10, 2018
    risk 0.53cvss 7.5epss 0.13

    In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.

  • CVE-2017-15665HigJan 10, 2018
    risk 0.52cvss 7.5epss 0.09

    In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094.

  • CVE-2017-15664HigJan 10, 2018
    risk 0.52cvss 7.5epss 0.09

    In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121.

  • CVE-2017-15662HigJan 10, 2018
    risk 0.52cvss 7.5epss 0.09

    In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.

  • CVE-2017-15667HigDec 28, 2017
    risk 0.52cvss 7.5epss 0.04

    In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9221.

  • CVE-2017-17088HigDec 19, 2017
    risk 0.52cvss 7.5epss 0.07

    The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a…