Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28485 | 1 Ericsson | 2 Mobile Switching Center Server Bc 18a, Mobile Switching Center Server Bc 18a Firmware | 2023-10-25 | N/A | 4.3 MEDIUM |
| In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application. | |||||
| CVE-2023-35187 | 1 Solarwinds | 1 Access Rights Manager | 2023-10-25 | N/A | 9.8 CRITICAL |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution. | |||||
| CVE-2022-39178 | 1 Webvendome Project | 1 Webvendome | 2023-10-25 | N/A | 5.3 MEDIUM |
| Webvendome - webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure. | |||||
| CVE-2021-21605 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 6.0 MEDIUM | 8.0 HIGH |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. | |||||
| CVE-2020-2278 | 1 Jenkins | 1 Storable Configs | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. | |||||
| CVE-2020-2277 | 1 Jenkins | 1 Storable Configs | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | |||||
| CVE-2020-2275 | 1 Jenkins | 1 Copy Data To Workspace | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. | |||||
| CVE-2020-2254 | 1 Jenkins | 1 Blue Ocean | 2023-10-25 | 3.5 LOW | 6.5 MEDIUM |
| Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2020-2139 | 1 Jenkins | 1 Cobertura | 2023-10-25 | 8.5 HIGH | 6.5 MEDIUM |
| An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. | |||||
| CVE-2019-16540 | 1 Jenkins | 1 Support Core | 2023-10-25 | 5.5 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master. | |||||
| CVE-2019-10352 | 1 Jenkins | 1 Jenkins | 2023-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. | |||||
| CVE-2023-45277 | 1 Spaceapplications | 1 Yamcs | 2023-10-25 | N/A | 7.5 HIGH |
| Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files. | |||||
| CVE-2023-45278 | 1 Spaceapplications | 1 Yamcs | 2023-10-25 | N/A | 9.1 CRITICAL |
| Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request. | |||||
| CVE-2023-45383 | 1 Common-services | 1 Sonice Etiquetage | 2023-10-25 | N/A | 7.5 HIGH |
| In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | |||||
| CVE-2023-45689 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2023-10-24 | N/A | 6.5 MEDIUM |
| Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal | |||||
| CVE-2023-45688 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2023-10-24 | N/A | 4.3 MEDIUM |
| Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command | |||||
| CVE-2023-45686 | 1 Southrivertech | 1 Titan Mfp Server | 2023-10-24 | N/A | 7.2 HIGH |
| Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal | |||||
| CVE-2023-45685 | 1 Southrivertech | 2 Titan Mft Server, Titan Sftp Server | 2023-10-24 | N/A | 9.1 CRITICAL |
| Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal | |||||
| CVE-2023-34208 | 1 Easyuse | 1 Mailhunter Ultimate | 2023-10-20 | N/A | 6.5 MEDIUM |
| Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive. | |||||
| CVE-2023-21415 | 1 Axis | 5 Axis Os, Axis Os 2016, Axis Os 2018 and 2 more | 2023-10-19 | N/A | 8.1 HIGH |
| Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||