Total: 6658 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2106 | 1 Smartics | 1 Smartics | 2023-06-27 | 4.0 MEDIUM | 2.7 LOW |
| Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. | |||||
| CVE-2022-23531 | 1 Datadoghq | 1 Guarddog | 2023-06-27 | N/A | 7.8 HIGH |
| GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5. | |||||
| CVE-2022-1661 | 1 Keysight | 4 N6841a Rf, N6841a Rf Firmware, N6854a and 1 more | 2023-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. | |||||
| CVE-2022-0902 | 1 Abb | 14 Rmc-100, Rmc-100-lite, Rmc-100-lite Firmware and 11 more | 2023-06-27 | N/A | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploited this vulnerability to insert and run arbitrary code in an affected system node. | |||||
| CVE-2022-1373 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2023-06-27 | N/A | 7.2 HIGH |
| The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk. | |||||
| CVE-2022-41158 | 2 Eyoom, Linux | 2 Eyoom Builder, Linux Kernel | 2023-06-27 | N/A | 9.8 CRITICAL |
| Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code. | |||||
| CVE-2023-34880 | 1 Cmseasy | 1 Cmseasy | 2023-06-26 | N/A | 9.8 CRITICAL |
| cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. This vulnerability allows attackers to execute arbitrary code and perform a local file inclusion. | |||||
| CVE-2023-34342 | 1 Ami | 1 Megarac Sp-x | 2023-06-20 | N/A | 9.1 CRITICAL |
| AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering. | |||||
| CVE-2023-34345 | 1 Ami | 1 Megarac Sp-x | 2023-06-20 | N/A | 6.5 MEDIUM |
| AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. | |||||
| CVE-2023-34096 | 1 Thruk | 1 Thruk | 2023-06-19 | N/A | 8.8 HIGH |
| Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2. | |||||
| CVE-2023-29502 | 1 Ptc | 1 Vuforia Studio | 2023-06-15 | N/A | 4.3 MEDIUM |
| Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path. | |||||
| CVE-2023-1864 | 1 Fanuc | 2 Roboguide Handlingpro, Roboguide Handlingpro Firmware | 2023-06-15 | N/A | 7.5 HIGH |
| FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior are vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software. | |||||
| CVE-2023-3172 | 1 Froxlor | 1 Froxlor | 2023-06-14 | N/A | 7.2 HIGH |
| Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. | |||||
| CVE-2023-33690 | 1 Sonicjs | 1 Sonicjs | 2023-06-13 | N/A | 6.5 MEDIUM |
| SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. | |||||
| CVE-2023-3031 | 1 Webbax | 1 King-avis | 2023-06-12 | N/A | 4.9 MEDIUM |
| Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files. This issue affects King-Avis: before 17.3.15. | |||||
| CVE-2019-3828 | 1 Redhat | 1 Ansible | 2023-06-12 | 3.3 LOW | 4.2 MEDIUM |
| Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | |||||
| CVE-2023-2909 | 1 Asustor | 1 Adm | 2023-06-07 | N/A | 10.0 CRITICAL |
| EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below. | |||||
| CVE-2023-33177 | 1 Xibosignage | 1 Xibo | 2023-06-06 | N/A | 8.8 HIGH |
| Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the webserver user. This can be used to upload a PHP webshell inside the web root directory and achieve remote code execution as the webserver user. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. Customers who host their CMS with Xibo Signage have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. | |||||
| CVE-2022-24632 | 1 Audiocodes | 1 Device Manager Express | 2023-06-02 | N/A | 5.3 MEDIUM |
| An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter. | |||||
| CVE-2023-26216 | 1 Tibco | 1 Ebx Add-ons | 2023-06-01 | N/A | 7.2 HIGH |
| The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. | |||||
