Total: 6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42796 | 1 Siemens | 4 Cp-8031, Cp-8031 Firmware, Cp-8050 and 1 more | 2023-10-16 | N/A | 8.8 HIGH |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role. | |||||
| CVE-2023-43256 | 1 Gladysassistant | 1 Gladys Assistant | 2023-10-13 | N/A | 6.5 MEDIUM |
| A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. | |||||
| CVE-2023-45352 | 1 Atos | 1 Unify Openscape Common Management | 2023-10-12 | N/A | 8.8 HIGH |
| Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a path traversal vulnerability in the Common Management Portal web interface that allows write access outside the intended folders. This is also known as OCMP-6592. | |||||
| CVE-2019-12143 | 1 Progress | 1 Ws Ftp Server | 2023-10-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames. | |||||
| CVE-2023-36123 | 1 Plain Craft Launcher 2 Project | 1 Plain Craft Launcher 2 | 2023-10-10 | N/A | 7.8 HIGH |
| Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information. | |||||
| CVE-2023-23366 | 1 Qnap | 1 Music Station | 2023-10-10 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | |||||
| CVE-2023-23365 | 1 Qnap | 1 Music Station | 2023-10-10 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | |||||
| CVE-2022-35919 | 1 Minio | 1 Minio | 2023-10-10 | N/A | 2.7 LOW |
| MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies. | |||||
| CVE-2023-40828 | 1 Pf4j Project | 1 Pf4j | 2023-08-29 | N/A | 7.5 HIGH |
| An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. | |||||
| CVE-2023-40827 | 1 Pf4j Project | 1 Pf4j | 2023-08-29 | N/A | 7.5 HIGH |
| An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. | |||||
| CVE-2023-40826 | 1 Pf4j Project | 1 Pf4j | 2023-08-29 | N/A | 7.5 HIGH |
| An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. | |||||
| CVE-2023-37428 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 7.2 HIGH |
| A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | |||||
| CVE-2023-32756 | 1 Edetw | 1 U-office Force | 2023-08-29 | N/A | 7.5 HIGH |
| e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but cannot control the system or disrupt service. | |||||
| CVE-2023-39026 | 2 Filemage, Microsoft | 2 Filemage, Windows | 2023-08-29 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. | |||||
| CVE-2023-3348 | 1 Cloudflare | 1 Wrangler | 2023-08-29 | N/A | 5.7 MEDIUM |
| The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. | |||||
| CVE-2020-24113 | 1 Yealink | 2 W60b, W60b Firmware | 2023-08-28 | N/A | 9.1 CRITICAL |
| Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). | |||||
| CVE-2023-39141 | 1 Ziahamza | 1 Webui-aria2 | 2023-08-28 | N/A | 7.5 HIGH |
| webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. | |||||
| CVE-2023-32563 | 1 Ivanti | 1 Avalanche | 2023-08-28 | N/A | 9.8 CRITICAL |
| An unauthenticated attacker could achieve code execution through a RemoteControl server. | |||||
| CVE-2023-3330 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2023-08-28 | N/A | 4.3 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to obtain specific files in the product. | |||||
| CVE-2023-2971 | 3 Linux, Microsoft, Typora | 3 Linux Kernel, Windows, Typora | 2023-08-24 | N/A | 6.5 MEDIUM |
| Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and pastes it into Typora. | |||||
