Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4152 | 1 Frauscher | 1 Frauscher Diagnostic System 101 | 2023-09-23 | N/A | 7.5 HIGH |
| Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device. | |||||
| CVE-2015-5467 | 1 Yiiframework | 1 Yii | 2023-09-22 | N/A | 9.8 CRITICAL |
| web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter. | |||||
| CVE-2022-45447 | 1 Prestashop | 1 M4 Pdf | 2023-09-22 | N/A | 6.5 MEDIUM |
| M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists. | |||||
| CVE-2023-32003 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2023-09-21 | N/A | 5.3 MEDIUM |
| `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | |||||
| CVE-2023-41599 | 1 Jfinalcms Project | 1 Jfinalcms | 2023-09-19 | N/A | 5.3 MEDIUM |
| An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. | |||||
| CVE-2022-28357 | 1 Linuxfoundation | 1 Nats-server | 2023-09-19 | N/A | 9.8 CRITICAL |
| NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account. | |||||
| CVE-2023-40924 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2023-09-19 | N/A | 7.5 HIGH |
| SolarView Compact < 6.00 is vulnerable to Directory Traversal. | |||||
| CVE-2023-39916 | 1 Nlnetlabs | 1 Routinator | 2023-09-19 | N/A | 6.5 MEDIUM |
| NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it. | |||||
| CVE-2022-4510 | 1 Microsoft | 1 Binwalk | 2023-09-17 | N/A | 7.8 HIGH |
| A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included. | |||||
| CVE-2023-38256 | 1 Doverfuelingsolutions | 2 Maglink Lx 3, Maglink Lx Web Console Configuration | 2023-09-15 | N/A | 7.5 HIGH |
| Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system. | |||||
| CVE-2023-34478 | 1 Apache | 1 Shiro | 2023-09-15 | N/A | 9.8 CRITICAL |
| Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+ | |||||
| CVE-2023-32004 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2023-09-15 | N/A | 8.8 HIGH |
| A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | |||||
| CVE-2023-31861 | 1 Zlmediakit | 1 Zlmediakit | 2023-09-14 | N/A | 7.5 HIGH |
| ZLMediaKit 4.0 is vulnerable to Directory Traversal. | |||||
| CVE-2023-35670 | 1 Google | 1 Android | 2023-09-14 | N/A | 7.8 HIGH |
| In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-4914 | 1 Cecil | 1 Cecil | 2023-09-14 | N/A | 7.5 HIGH |
| Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1. | |||||
| CVE-2022-33164 | 1 Ibm | 1 Security Directory Server | 2023-09-12 | N/A | 9.1 CRITICAL |
| IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579. | |||||
| CVE-2023-4782 | 1 Hashicorp | 1 Terraform | 2023-09-12 | N/A | 7.8 HIGH |
| Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7. | |||||
| CVE-2021-35980 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-09-12 | N/A | 7.8 HIGH |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28644 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2023-09-12 | N/A | 7.8 HIGH |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-41930 | 1 Jenkins | 1 Job Configuration History | 2023-09-11 | N/A | 4.3 MEDIUM |
| Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin. | |||||