Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22851 | 1 Liveconfig | 1 Liveconfig | 2024-02-13 | N/A | 7.5 HIGH |
| Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint. | |||||
| CVE-2024-24482 | 2 Apktool, Microsoft | 2 Apktool, Windows | 2024-02-12 | N/A | 9.8 CRITICAL |
| Aprktool before 2.9.3 on Windows allows ../ and /.. directory traversal. | |||||
| CVE-2021-22281 | 1 Br-automation | 1 Automation Studio | 2024-02-10 | N/A | 7.5 HIGH |
| : Relative Path Traversal vulnerability in B&R Industrial Automation Automation Studio allows Relative Path Traversal.This issue affects Automation Studio: from 4.0 through 4.12. | |||||
| CVE-2024-24569 | 1 Pixee | 1 Java Code Security Toolkit | 2024-02-09 | N/A | 4.8 MEDIUM |
| The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still protects attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow "escaping" into sibling paths. For example, if your running path is /my/app/path you an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2. | |||||
| CVE-2024-24756 | 1 Crafatar | 1 Crafatar | 2024-02-09 | N/A | 7.5 HIGH |
| Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the `lib/public/` directory can be requested from the server. Instances running behind Cloudflare (including crafatar.com) are not affected. Instances using the Docker container as shown in the README are affected, but only files within the container can be read. By default, all of the files within the container can also be found in this repository and are not confidential. This vulnerability is patched in 2.1.5. | |||||
| CVE-2023-38019 | 1 Ibm | 1 Soar Qradar Plugin App | 2024-02-09 | N/A | 6.5 MEDIUM |
| IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 260575. | |||||
| CVE-2023-39611 | 1 Softwarefx | 1 Chart Fx | 2024-02-09 | N/A | 7.5 HIGH |
| An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. | |||||
| CVE-2024-24579 | 1 Anchore | 1 Stereoscope | 2024-02-09 | N/A | 9.8 CRITICAL |
| stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of `github.com/anchore/stereoscope/pkg/file.UntarToDirectory()` function, the `github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider` struct, or the higher level `github.com/anchore/stereoscope/pkg/image.Image.Read()` function express this vulnerability. As a workaround, if you are using the OCI archive as input into stereoscope then you can switch to using an OCI layout by unarchiving the tar archive and provide the unarchived directory to stereoscope. | |||||
| CVE-2024-23334 | 2 Aiohttp, Fedoraproject | 2 Aiohttp, Fedora | 2024-02-09 | N/A | 7.5 HIGH |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue. | |||||
| CVE-2024-23652 | 1 Mobyproject | 1 Buildkit | 2024-02-09 | N/A | 9.1 CRITICAL |
| BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature. | |||||
| CVE-2024-24938 | 1 Jetbrains | 1 Teamcity | 2024-02-09 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation | |||||
| CVE-2024-24942 | 1 Jetbrains | 1 Teamcity | 2024-02-09 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives | |||||
| CVE-2024-23827 | 1 Nginxui | 1 Nginx Ui | 2024-02-08 | N/A | 9.8 CRITICAL |
| Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue. | |||||
| CVE-2024-0844 | 1 Felixmoira | 1 Popup More Popups\, Lightboxes\, And More Popup Modules | 2024-02-08 | N/A | 7.2 HIGH |
| The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server , allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2020-4053 | 1 Helm | 1 Helm | 2024-02-08 | 8.5 HIGH | 6.8 MEDIUM |
| In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4. | |||||
| CVE-2022-24877 | 1 Fluxcd | 2 Flux2, Kustomize-controller | 2024-02-08 | 6.5 MEDIUM | 8.8 HIGH |
| Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments. Workarounds include automated tooling in the user's CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. | |||||
| CVE-2022-31503 | 1 Orchest | 1 Orchest | 2024-02-08 | 6.4 MEDIUM | 9.3 CRITICAL |
| The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2019-20916 | 4 Debian, Opensuse, Oracle and 1 more | 5 Debian Linux, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 2 more | 2024-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. | |||||
| CVE-2024-24940 | 1 Jetbrains | 1 Intellij Idea | 2024-02-07 | N/A | 4.3 MEDIUM |
| In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives | |||||
| CVE-2024-0380 | 1 Bootstrapped | 1 Wp Recipe Maker | 2024-02-07 | N/A | 4.3 MEDIUM |
| The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting. | |||||