Total: 6658 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6831 | 1 Lfprojects | 1 Mlflow | 2024-02-13 | N/A | 8.1 HIGH |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | |||||
| CVE-2024-0221 | 1 10web | 1 Photo Gallery | 2024-02-13 | N/A | 7.2 HIGH |
| The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors. | |||||
| CVE-2024-0964 | 1 Gradio Project | 1 Gradio | 2024-02-13 | N/A | 9.4 CRITICAL |
| A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. | |||||
| CVE-2023-6989 | 1 Getshieldsecurity | 1 Shield Security | 2024-02-13 | N/A | 9.8 CRITICAL |
| The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. | |||||
| CVE-2021-22281 | 1 Br-automation | 1 Automation Studio | 2024-02-10 | N/A | 7.5 HIGH |
| Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal. This issue affects Automation Studio: from 4.0 through 4.12. | |||||
| CVE-2024-24569 | 1 Pixee | 1 Java Code Security Toolkit | 2024-02-09 | N/A | 4.8 MEDIUM |
| The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still prevents attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow "escaping" into sibling paths. For example, if your running path is /my/app/path, an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2. | |||||
| CVE-2024-24756 | 1 Crafatar | 1 Crafatar | 2024-02-09 | N/A | 7.5 HIGH |
| Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the `lib/public/` directory can be requested from the server. Instances running behind Cloudflare (including crafatar.com) are not affected. Instances using the Docker container as shown in the README are affected, but only files within the container can be read. By default, all of the files within the container can also be found in this repository and are not confidential. This vulnerability is patched in 2.1.5. | |||||
| CVE-2023-38019 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-02-09 | N/A | 6.5 MEDIUM |
| IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575. | |||||
| CVE-2024-24579 | 1 Anchore | 1 Stereoscope | 2024-02-09 | N/A | 9.8 CRITICAL |
| stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of the `github.com/anchore/stereoscope/pkg/file.UntarToDirectory()` function, the `github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider` struct, or the higher level `github.com/anchore/stereoscope/pkg/image.Image.Read()` function exposes this vulnerability. As a workaround, if you are using the OCI archive as input into stereoscope, you can switch to using an OCI layout by unarchiving the tar archive and providing the unarchived directory to stereoscope. | |||||
| CVE-2024-23334 | 2 Aiohttp, Fedoraproject | 2 Aiohttp, Fedora | 2024-02-09 | N/A | 7.5 HIGH |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue. | |||||
| CVE-2024-23652 | 1 Mobyproject | 1 Buildkit | 2024-02-09 | N/A | 9.1 CRITICAL |
| BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature. | |||||
| CVE-2024-24942 | 1 Jetbrains | 1 Teamcity | 2024-02-09 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2023.11.3, path traversal allowed reading data within JAR archives. | |||||
| CVE-2024-23827 | 1 Nginxui | 1 Nginx Ui | 2024-02-08 | N/A | 9.8 CRITICAL |
| Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary writes into the system. The feature does not check whether the provided user input is a certificate/key and allows writing to arbitrary paths on the system. It is possible to leverage the vulnerability into remote code execution by overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue. | |||||
| CVE-2020-4053 | 1 Helm | 1 Helm | 2024-02-08 | 8.5 HIGH | 6.8 MEDIUM |
| In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4. | |||||
| CVE-2022-24877 | 1 Fluxcd | 2 Flux2, Kustomize-controller | 2024-02-08 | 6.5 MEDIUM | 8.8 HIGH |
| Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly achieve privilege escalation in multi-tenancy deployments. Workarounds include automated tooling in the user's CI/CD pipeline to validate that `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. | |||||
| CVE-2022-31503 | 1 Orchest | 1 Orchest | 2024-02-08 | 6.4 MEDIUM | 9.3 CRITICAL |
| The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2019-20916 | 4 Debian, Opensuse, Oracle and 1 more | 5 Debian Linux, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 2 more | 2024-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. | |||||
| CVE-2024-0380 | 1 Bootstrapped | 1 Wp Recipe Maker | 2024-02-07 | N/A | 4.3 MEDIUM |
| The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting. | |||||
| CVE-2023-30970 | 1 Palantir | 2 Gotham Blackbird-witchcraft, Gotham Static-assets-servlet | 2024-02-07 | N/A | 6.5 MEDIUM |
| Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system. | |||||
| CVE-2022-20723 | 1 Cisco | 1 Ios Xe | 2024-02-07 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
