Total
28 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5115 | 2 Debian, Redhat | 5 Debian Linux, Ansible Automation Platform, Ansible Developer and 2 more | 2024-12-06 | N/A | 6.3 MEDIUM |
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. | |||||
CVE-2024-10651 | | | 2024-11-01 | N/A | 4.9 MEDIUM |
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files. | |||||
CVE-2024-45290 | 1 Phpoffice | 1 Phpspreadsheet | 2024-10-16 | N/A | 7.5 HIGH |
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information from arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-5022 | 1 Dedecms | 1 Dedecms | 2024-05-17 | N/A | 8.8 HIGH |
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863. | |||||
CVE-2023-2101 | 1 Mogublog Project | 1 Mogublog | 2024-05-17 | N/A | 6.5 MEDIUM |
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability. | |||||
CVE-2023-3765 | 2 Lfprojects, Microsoft | 2 Mlflow, Windows | 2023-07-28 | N/A | 10.0 CRITICAL |
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | |||||
CVE-2023-1176 | 1 Lfprojects | 1 Mlflow | 2023-03-28 | N/A | 3.3 LOW |
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. | |||||
CVE-2021-30173 | 1 Junhetec | 1 Omnidirectional Communication System | 2021-05-18 | 4.0 MEDIUM | 6.5 MEDIUM |
A Local File Inclusion vulnerability in the omni-directional communication system allows a remote authenticated attacker to inject an absolute path into the Url parameter and access an arbitrary file. |