Total: 6658 CVEs

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3762 | 1 Redhat | 2 Clair, Quay | 2023-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. | |||||
| CVE-2019-11822 | 1 Synology | 1 Photo Station | 2023-01-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. | |||||
| CVE-2019-11826 | 1 Synology | 1 Moments | 2023-01-30 | 6.5 MEDIUM | 8.8 HIGH |
| Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter. | |||||
| CVE-2018-20470 | 1 Sahipro | 1 Sahi Pro | 2023-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files. | |||||
| CVE-2018-3731 | 1 Public.js Project | 1 Public.js | 2023-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3725 | 1 Hekto Project | 1 Hekto | 2023-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2019-4384 | 1 Ibm | 1 Campaign | 2023-01-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172. | |||||
| CVE-2018-3730 | 1 Mcstatic Project | 1 Mcstatic | 2023-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3744 | 1 Html-pages Project | 1 Html-pages | 2023-01-30 | 5.0 MEDIUM | 9.8 CRITICAL |
| The html-pages node module contains a path traversal vulnerability that allows an attacker to read any file from the server with cURL. | |||||
| CVE-2018-3715 | 1 Glance Project | 1 Glance | 2023-01-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3734 | 1 Stattic Project | 1 Stattic | 2023-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2020-15050 | 1 Supremainc | 1 Biostar 2 | 2023-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal. | |||||
| CVE-2020-14461 | 1 Zyxel | 2 Wap6806, Wap6806 Firmware | 2023-01-27 | 5.0 MEDIUM | 8.6 HIGH |
| Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. | |||||
| CVE-2018-18323 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI. | |||||
| CVE-2019-13385 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log. | |||||
| CVE-2022-42280 | 1 Nvidia | 2 Bmc, Dgx A100 | 2023-01-24 | N/A | 7.8 HIGH |
| NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. | |||||
| CVE-2022-25046 | 1 Control-webpanel | 1 Webpanel | 2023-01-24 | 10.0 HIGH | 9.8 CRITICAL |
| A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2020-15643 | 1 Marvell | 1 Qconvergeconsole | 2023-01-24 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveAsText method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10549. | |||||
| CVE-2018-19365 | 1 Wowza | 1 Streaming Engine | 2023-01-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request. | |||||
| CVE-2021-41381 | 1 Payara | 1 Micro Community | 2023-01-20 | 4.3 MEDIUM | 7.5 HIGH |
| Payara Micro Community 5.2021.6 and below allows Directory Traversal. | |||||
