Total: 6174 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32974 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2023-10-19 | N/A | 7.5 HIGH |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.0.2444 build 20230629 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTScloud c5.1.0.2498 and later. | |||||
| CVE-2023-38312 | 1 Valvesoftware | 1 Counter-strike | 2023-10-19 | N/A | 7.5 HIGH |
| A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable. | |||||
| CVE-2023-45855 | 1 Qdpm | 1 Qdpm | 2023-10-19 | N/A | 7.5 HIGH |
| qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. | |||||
| CVE-2022-33165 | 1 Ibm | 1 Security Directory Integrator | 2023-10-18 | N/A | 7.5 HIGH |
| IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582. | |||||
| CVE-2023-41373 | 1 F5 | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 15 more | 2023-10-17 | N/A | 9.9 CRITICAL |
| A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2012-3380 | 1 Wargio | 1 Naxsi | 2023-10-17 | 2.1 LOW | N/A |
| Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. | |||||
| CVE-2023-4990 | 1 Mcl-collection | 2 Mcl-net, Mcl-net Firmware | 2023-10-16 | N/A | 7.5 HIGH |
| Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files. | |||||
| CVE-2023-42796 | 1 Siemens | 4 Cp-8031, Cp-8031 Firmware, Cp-8050 and 1 more | 2023-10-16 | N/A | 8.8 HIGH |
| A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role. | |||||
| CVE-2023-43256 | 1 Gladysassistant | 1 Gladys Assistant | 2023-10-13 | N/A | 6.5 MEDIUM |
| A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. | |||||
| CVE-2023-45352 | 1 Atos | 1 Unify Openscape Common Management | 2023-10-12 | N/A | 8.8 HIGH |
| Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592. | |||||
| CVE-2019-12143 | 1 Progress | 1 Ws Ftp Server | 2023-10-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames. | |||||
| CVE-2023-36123 | 1 Plain Craft Launcher 2 Project | 1 Plain Craft Launcher 2 | 2023-10-10 | N/A | 7.8 HIGH |
| Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information. | |||||
| CVE-2023-23365 | 1 Qnap | 1 Music Station | 2023-10-10 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | |||||
| CVE-2023-23366 | 1 Qnap | 1 Music Station | 2023-10-10 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | |||||
| CVE-2022-35919 | 1 Minio | 1 Minio | 2023-10-10 | N/A | 2.7 LOW |
| MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies. | |||||
| CVE-2023-43662 | 1 Shokoanime | 1 Shokoserver | 2023-10-06 | N/A | 8.6 HIGH |
| ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security lab and is also indexed as GHSL-2023-191. | |||||
| CVE-2023-43070 | 1 Dell | 1 Smartfabric Storage Software | 2023-10-06 | N/A | 6.5 MEDIUM |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container. | |||||
| CVE-2023-3512 | 1 Setelsa-security | 1 Conacwin | 2023-10-05 | N/A | 7.5 HIGH |
| Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter. | |||||
| CVE-2023-3701 | 1 Aquaesolutions | 1 Aqua Drive | 2023-10-05 | N/A | 8.8 HIGH |
| Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform. | |||||
| CVE-2023-28406 | 1 F5 | 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more | 2023-10-05 | N/A | 4.3 MEDIUM |
| A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
