Total
6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25265 | 1 Docmosis | 1 Tornado | 2023-03-07 | N/A | 7.5 HIGH |
| Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. | |||||
| CVE-2023-20943 | 1 Google | 1 Android | 2023-03-06 | N/A | 7.8 HIGH |
| In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890 | |||||
| CVE-2023-26758 | 1 Smeup | 1 Erp | 2023-03-04 | N/A | 7.5 HIGH |
| Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerabilty via the component /ResourceService. | |||||
| CVE-2022-35861 | 1 Pyenv | 1 Pyenv | 2023-03-03 | 4.6 MEDIUM | 7.8 HIGH |
| pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.) | |||||
| CVE-2019-14418 | 1 Veritas | 1 Resiliency Platform | 2023-03-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine. | |||||
| CVE-2023-25579 | 1 Nextcloud | 1 Nextcloud Server | 2023-03-03 | N/A | 7.5 HIGH |
| Nextcloud server is a self hosted home cloud product. In affected versions the `OC\Files\Node\Folder::getFullPath()` function was validating and normalizing the string in the wrong order. The function is used in the `newFile()` and `newFolder()` items, which may allow to creation of paths outside of ones own space and overwriting data from other users with crafted paths. This issue has been addressed in versions 25.0.2, 24.0.8, and 23.0.12. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-22973 | 1 Open-emr | 1 Openemr | 2023-03-03 | N/A | 8.8 HIGH |
| A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. | |||||
| CVE-2023-26265 | 1 Borg Project | 1 Borg | 2023-03-02 | N/A | 5.3 MEDIUM |
| The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them. | |||||
| CVE-2023-0947 | 1 Flatpress | 1 Flatpress | 2023-03-02 | N/A | 9.8 CRITICAL |
| Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. | |||||
| CVE-2019-10985 | 1 Advantech | 1 Webaccess | 2023-03-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| In WebAccess/SCADA, Versions 8.3.5 and prior, a path traversal vulnerability is caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage this vulnerability to delete files while posing as an administrator. | |||||
| CVE-2019-1785 | 1 Clamav | 1 Clamav | 2023-03-01 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system. | |||||
| CVE-2022-31703 | 1 Vmware | 1 Vrealize Log Insight | 2023-03-01 | N/A | 7.5 HIGH |
| The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | |||||
| CVE-2018-18809 | 1 Tibco | 4 Jasperreports Library, Jasperreports Server, Jaspersoft and 1 more | 2023-03-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0. | |||||
| CVE-2019-0887 | 1 Microsoft | 10 Remote Desktop, Windows 10, Windows 11 21h2 and 7 more | 2023-03-01 | 8.5 HIGH | 8.0 HIGH |
| A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | |||||
| CVE-2019-13241 | 2 Canonical, Flightcrew Project | 2 Ubuntu Linux, Flightcrew | 2023-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | |||||
| CVE-2019-1010257 | 1 Article2pdf Project | 1 Article2pdf | 2023-02-28 | 7.5 HIGH | 9.1 CRITICAL |
| An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension. | |||||
| CVE-2018-3714 | 1 Node-srv Project | 1 Node-srv | 2023-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3713 | 1 Angular-http-server Project | 1 Angular-http-server | 2023-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3733 | 1 Crud-file-server Project | 1 Crud-file-server | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3710 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2023-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. | |||||