Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26045 | 1 Nodebb | 1 Nodebb | 2023-08-31 | N/A | 9.8 CRITICAL |
| NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to arbitrarily execute javascript files on the local disk. This issue is patched in version 2.8.7. As a workaround, site maintainers can cherry pick the fix into their codebase to patch the exploit. | |||||
| CVE-2023-20890 | 1 Vmware | 1 Aria Operations For Networks | 2023-08-31 | N/A | 7.2 HIGH |
| Aria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution. | |||||
| CVE-2023-3406 | 1 M-files | 1 Classic Web | 2023-08-31 | N/A | 6.5 MEDIUM |
| Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server | |||||
| CVE-2009-2109 | 1 Fretsweb Project | 1 Fretsweb | 2023-08-31 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php. | |||||
| CVE-2023-39699 | 1 Icewarp | 1 Mail Server | 2023-08-30 | N/A | 9.8 CRITICAL |
| IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. | |||||
| CVE-2023-40828 | 1 Pf4j Project | 1 Pf4j | 2023-08-29 | N/A | 7.5 HIGH |
| An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. | |||||
| CVE-2023-40827 | 1 Pf4j Project | 1 Pf4j | 2023-08-29 | N/A | 7.5 HIGH |
| An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. | |||||
| CVE-2023-40826 | 1 Pf4j Project | 1 Pf4j | 2023-08-29 | N/A | 7.5 HIGH |
| An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. | |||||
| CVE-2023-37428 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2023-08-29 | N/A | 7.2 HIGH |
| A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | |||||
| CVE-2023-32756 | 1 Edetw | 1 U-office Force | 2023-08-29 | N/A | 7.5 HIGH |
| e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt service. | |||||
| CVE-2023-3348 | 1 Cloudflare | 1 Wrangler | 2023-08-29 | N/A | 5.7 MEDIUM |
| The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. | |||||
| CVE-2020-24113 | 1 Yealink | 2 W60b, W60b Firmware | 2023-08-28 | N/A | 9.1 CRITICAL |
| Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). | |||||
| CVE-2023-39141 | 1 Ziahamza | 1 Webui-aria2 | 2023-08-28 | N/A | 7.5 HIGH |
| webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. | |||||
| CVE-2023-32563 | 1 Ivanti | 1 Avalanche | 2023-08-28 | N/A | 9.8 CRITICAL |
| An unauthenticated attacker could achieve the code execution through a RemoteControl server. | |||||
| CVE-2023-3330 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2023-08-28 | N/A | 4.3 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to obtain specific files in the product. | |||||
| CVE-2023-25914 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2023-08-24 | N/A | 7.5 HIGH |
| Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface. | |||||
| CVE-2023-2971 | 3 Linux, Microsoft, Typora | 3 Linux Kernel, Windows, Typora | 2023-08-24 | N/A | 6.5 MEDIUM |
| Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora. | |||||
| CVE-2023-2316 | 3 Linux, Microsoft, Typora | 3 Linux Kernel, Windows, Typora | 2023-08-24 | N/A | 7.4 HIGH |
| Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora. | |||||
| CVE-2023-2110 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2023-08-24 | N/A | 7.1 HIGH |
| Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian. | |||||
| CVE-2023-3697 | 1 Asustor | 1 Data Master | 2023-08-23 | N/A | 8.8 HIGH |
| Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. | |||||