Total
288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34316 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-27 | N/A | 7.5 HIGH |
| ?An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. | |||||
| CVE-2023-34645 | 1 Jflyfox | 1 Jfinal Cms | 2024-12-17 | N/A | 7.5 HIGH |
| jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | |||||
| CVE-2024-52292 | 1 Craftcms | 1 Craft Cms | 2024-11-19 | N/A | 6.5 MEDIUM |
| Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8. | |||||
| CVE-2024-48838 | 1 Dell | 1 Smartfabric Os10 | 2024-11-15 | N/A | 3.3 LOW |
| Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | |||||
| CVE-2024-49756 | 2024-10-25 | N/A | N/A | ||
| AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing fields), and would allow their hooks (side effects) to be performed when they should not have been. Note that this does not allow reading new data that the user should not have had access to, only triggering a side effect a user should not have been able to trigger. To be vulnerable, an affected user must have an update action that is on a resource with no attributes containing an "update default" (updated_at timestamp, for example); can be performed atomically; does not have `require_atomic? false`; has at least one authorizer (typically `Ash.Policy.Authorizer`); and has at least one `change` (on the resource's `changes` block or in the action itself). This is where the side-effects would be performed when they should not have been. This problem has been patched in `2.4.10` of `ash_postgres`. Several workarounds are available. Potentially affected users may determine that none of their actions are vulnerable using a script the maintainers provide in the GitHub Security Advisory, add `require_atomic? false` to any potentially affected update action, replace any usage of `Ash.update` with `Ash.bulk_update` for an affected action, and/or add an update timestamp to their action. | |||||
| CVE-2022-45052 | 3 Axiell, Linux, Microsoft | 3 Iguana, Linux Kernel, Windows | 2024-10-16 | N/A | 6.5 MEDIUM |
| A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server. | |||||
| CVE-2021-3996 | 2 Fedoraproject, Kernel | 2 Fedora, Util-linux | 2024-10-15 | N/A | 5.5 MEDIUM |
| A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | |||||
| CVE-2023-31064 | 1 Apache | 1 Inlong | 2024-10-09 | N/A | 7.5 HIGH |
| Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it. | |||||
| CVE-2023-31066 | 1 Apache | 1 Inlong | 2024-10-09 | N/A | 9.1 CRITICAL |
| Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it. | |||||
| CVE-2024-7107 | 1 Nationalkeep | 1 Cybermath | 2024-10-03 | N/A | 7.5 HIGH |
| Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations.This issue affects CyberMath: before CYBM.240816253. | |||||
| CVE-2023-2538 | 1 Tyan | 8 S5552\/s5552gm2nr, S5552\/s5552gm2nr Firmware, S5552\/s5552gm4nr and 5 more | 2024-09-30 | N/A | 4.2 MEDIUM |
| A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS. | |||||
| CVE-2024-6878 | 2024-09-20 | N/A | N/A | ||
| Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.This issue affects Panel: before v2.3.24. | |||||
| CVE-2024-39581 | 1 Dell | 1 Insightiq | 2024-09-16 | N/A | 9.8 CRITICAL |
| Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files. | |||||
| CVE-2023-33517 | 1 Carrental Project | 1 Carrental | 2024-09-11 | N/A | 7.5 HIGH |
| carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). | |||||
| CVE-2024-8655 | 2024-09-11 | N/A | N/A | ||
| A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-6911 | 1 Perkinelmer | 1 Processplus | 2024-09-10 | N/A | 7.5 HIGH |
| Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0. | |||||
| CVE-2024-38429 | 1 Matrix-globalservices | 1 Tafnit | 2024-09-06 | N/A | 7.5 HIGH |
| Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties | |||||
| CVE-2024-41699 | 1 Priority-software | 1 Priority | 2024-09-03 | N/A | 7.5 HIGH |
| Priority – CWE-552: Files or Directories Accessible to External Parties | |||||
| CVE-2023-49198 | 1 Apache | 1 Seatunnel | 2024-08-23 | N/A | 7.5 HIGH |
| Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue. | |||||
| CVE-2024-5056 | 1 Schneider-electric | 6 Bmxnoe0100, Bmxnoe0100 Firmware, Bmxnoe0110 and 3 more | 2024-08-23 | N/A | 6.5 MEDIUM |
| CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. | |||||