Vulnerabilities (CVE)

Filtered by vendor Sphinxsearch Subscribe
Filtered by product Sphinx
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-29050 2 Debian, Sphinxsearch 2 Debian Linux, Sphinx 2024-11-21 5.0 MEDIUM 7.5 HIGH
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx.
CVE-2019-14511 1 Sphinxsearch 1 Sphinx 2024-11-21 5.0 MEDIUM 7.5 HIGH
Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).