Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35187 | 1 Solarwinds | 1 Access Rights Manager | 2023-10-25 | N/A | 9.8 CRITICAL |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | |||||
| CVE-2019-10352 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. | |||||
| CVE-2020-2277 | 1 Jenkins | 1 Storable Configs | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | |||||
| CVE-2021-21605 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 6.0 MEDIUM | 8.0 HIGH |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. | |||||
| CVE-2020-2278 | 1 Jenkins | 1 Storable Configs | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. | |||||
| CVE-2019-16540 | 1 Jenkins | 1 Support Core | 2023-10-25 | 5.5 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master. | |||||
| CVE-2020-2254 | 1 Jenkins | 1 Blue Ocean | 2023-10-25 | 3.5 LOW | 6.5 MEDIUM |
| Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2020-2139 | 1 Jenkins | 1 Cobertura | 2023-10-25 | 8.5 HIGH | 6.5 MEDIUM |
| An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. | |||||
| CVE-2020-2275 | 1 Jenkins | 1 Copy Data To Workspace | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. | |||||
| CVE-2023-45277 | 1 Spaceapplications | 1 Yamcs | 2023-10-25 | N/A | 7.5 HIGH |
| Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files. | |||||
| CVE-2023-45278 | 1 Spaceapplications | 1 Yamcs | 2023-10-25 | N/A | 9.1 CRITICAL |
| Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request. | |||||
| CVE-2023-45689 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2023-10-24 | N/A | 6.5 MEDIUM |
| Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal | |||||
| CVE-2023-45688 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2023-10-24 | N/A | 4.3 MEDIUM |
| Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command | |||||
| CVE-2023-34208 | 1 Easyuse | 1 Mailhunter Ultimate | 2023-10-20 | N/A | 6.5 MEDIUM |
| Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive. | |||||
| CVE-2023-32974 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2023-10-19 | N/A | 7.5 HIGH |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTScloud c5.1.0.2498 and later | |||||
| CVE-2023-38312 | 1 Valvesoftware | 1 Counter-strike | 2023-10-19 | N/A | 7.5 HIGH |
| A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable. | |||||
| CVE-2023-45855 | 1 Qdpm | 1 Qdpm | 2023-10-19 | N/A | 7.5 HIGH |
| qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. | |||||
| CVE-2022-33165 | 1 Ibm | 1 Security Directory Integrator | 2023-10-18 | N/A | 7.5 HIGH |
| IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582. | |||||
| CVE-2023-41373 | 1 F5 | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 15 more | 2023-10-17 | N/A | 9.9 CRITICAL |
| A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2012-3380 | 1 Wargio | 1 Naxsi | 2023-10-17 | 2.1 LOW | N/A |
| Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. | |||||