Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-43627 | 1 Furunosystems | 4 Acera 1310, Acera 1310 Firmware, Acera 1320 and 1 more | 2023-10-04 | N/A | 5.7 MEDIUM |
| Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode. | |||||
| CVE-2023-43044 | 1 Ibm | 1 License Metric Tool | 2023-10-03 | N/A | 7.5 HIGH |
| IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893. | |||||
| CVE-2023-40026 | 1 Linuxfoundation | 1 Argo-cd | 2023-10-02 | N/A | 4.3 MEDIUM |
| Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was possible because Helm paths were predictable. The vulnerability worked by adding a Helm chart that referenced Helm resources from predictable paths. Because the paths of Helm charts were predictable and available on an instance of repo-server, it was possible to reference and then render the values and resources from other existing Helm charts regardless of permissions. While generally, secrets are not stored in these files, it was nevertheless possible to reference any values from these charts. This issue was fixed in Argo CD 2.3 and subsequent versions by randomizing Helm paths. User's still using Argo CD 2.3 or below are advised to update to a supported version. If this is not possible, disabling Helm chart rendering, or using an additional repo-server for each Helm chart would prevent possible exploitation. | |||||
| CVE-2023-43825 | 1 Ekakin | 1 Shihonkanri Plus | 2023-10-02 | N/A | 7.8 HIGH |
| Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute an arbitrary code by having a legitimate user import a specially crafted backup file of the product.. | |||||
| CVE-2023-41040 | 1 Gitpython Project | 1 Gitpython | 2023-09-29 | N/A | 6.5 MEDIUM |
| GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed. | |||||
| CVE-2023-41888 | 1 Glpi-project | 1 Glpi | 2023-09-29 | N/A | 5.4 MEDIUM |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page that can be used to attempt a phishing attack on user credentials. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-42819 | 1 Fit2cloud | 1 Jumpserver | 2023-09-29 | N/A | 8.8 HIGH |
| JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker can exploit the directory traversal flaw using the provided URL to access and retrieve the contents of the file. `https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd` a similar method to modify the file content is also present. This issue has been addressed in version 3.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-42657 | 1 Progress | 1 Ws Ftp Server | 2023-09-29 | N/A | 9.6 CRITICAL |
| In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system. | |||||
| CVE-2023-42462 | 1 Glpi-project | 1 Glpi | 2023-09-29 | N/A | 9.1 CRITICAL |
| GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-42487 | 1 Soundminer | 1 Soundminer | 2023-09-29 | N/A | 7.5 HIGH |
| Soundminer – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||
| CVE-2023-40532 | 1 Collne | 1 Welcart | 2023-09-28 | N/A | 4.3 MEDIUM |
| Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. | |||||
| CVE-2021-44725 | 1 Knime | 1 Knime Server | 2023-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. | |||||
| CVE-2023-2315 | 1 Opencart | 1 Opencart | 2023-09-27 | N/A | 8.8 HIGH |
| Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server | |||||
| CVE-2023-38346 | 1 Windriver | 1 Vxworks | 2023-09-26 | N/A | 8.8 HIGH |
| An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior. | |||||
| CVE-2023-43382 | 1 Iteachyou | 1 Dreamer Cms | 2023-09-26 | N/A | 8.8 HIGH |
| Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. | |||||
| CVE-2023-4760 | 1 Eclipse | 1 Remote Application Platform | 2023-09-26 | N/A | 9.8 CRITICAL |
| In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept. For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed. | |||||
| CVE-2023-41302 | 1 Huawei | 2 Emui, Harmonyos | 2023-09-25 | N/A | 7.5 HIGH |
| Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2023-39407 | 1 Huawei | 1 Harmonyos | 2023-09-25 | N/A | 9.1 CRITICAL |
| The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity. | |||||
| CVE-2023-42280 | 1 Springernature | 1 Mee-admin | 2023-09-25 | N/A | 7.5 HIGH |
| mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading. | |||||
| CVE-2021-44965 | 1 Phpgurukul | 1 Employee Record Management System | 2023-09-25 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server. | |||||