Total
6432 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8963 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-09-20 | 9.4 Critical |
| Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | ||||
| CVE-2023-3512 | 1 Setelsa-security | 1 Conacwin | 2024-09-19 | 7.5 High |
| Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter. | ||||
| CVE-2023-3701 | 1 Aquaesolutions | 1 Aqua Drive | 2024-09-19 | 9.9 Critical |
| Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform. | ||||
| CVE-2023-43070 | 1 Dell | 1 Smartfabric Storage Software | 2024-09-19 | 6.3 Medium |
| Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container. | ||||
| CVE-2024-45401 | 1 Stripe | 2 Stripe-cli, Stripe Cli | 2024-09-19 | 7.6 High |
| stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update in version 1.21.3 addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability. | ||||
| CVE-2024-8304 | 1 Jpress | 1 Jpress | 2024-09-19 | 4.7 Medium |
| A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-36123 | 1 Plain Craft Launcher 2 Project | 1 Plain Craft Launcher 2 | 2024-09-19 | 7.8 High |
| Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information. | ||||
| CVE-2024-36418 | 1 Salesagility | 1 Suitecrm | 2024-09-19 | 8.6 High |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | ||||
| CVE-2023-45352 | 1 Atos | 1 Unify Openscape Common Management | 2024-09-19 | 8.8 High |
| Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592. | ||||
| CVE-2023-23365 | 1 Qnap | 1 Music Station | 2024-09-19 | 7.7 High |
| A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | ||||
| CVE-2023-23366 | 1 Qnap | 1 Music Station | 2024-09-19 | 7.7 High |
| A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | ||||
| CVE-2024-45388 | 2 Hoverfly, Spectolabs | 2 Hoverfly, Hoverfly | 2024-09-19 | 7.5 High |
| Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. Note that, although the code prevents absolute paths from being specified, an attacker can escape out of the `hf.Cfg.ResponsesBodyFilesPath` base path by using `../` segments and reach any arbitrary files. This issue was found using the Uncontrolled data used in path expression CodeQL query for python. Users are advised to make sure the final path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, filePath)`) is contained within the expected base path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, "/")`). This issue is also tracked as GHSL-2023-274. | ||||
| CVE-2024-46376 | 1 Best House Rental Management System | 1 Best House Rental Management System | 2024-09-19 | 9.8 Critical |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php. | ||||
| CVE-2024-46375 | 1 Best House Rental Management System | 1 Best House Rental Management System | 2024-09-19 | 9.8 Critical |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php. | ||||
| CVE-2023-34117 | 1 Zoom | 1 Zoom Software Development Kit | 2024-09-19 | 3.3 Low |
| Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access. | ||||
| CVE-2023-41373 | 1 F5 | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 15 more | 2024-09-19 | 9.9 Critical |
| A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-7216 | 2 Gnu, Redhat | 2 Cpio, Enterprise Linux | 2024-09-19 | 5.3 Medium |
| A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks. | ||||
| CVE-2024-7961 | 1 Rockwellautomation | 1 Pavilion8 | 2024-09-19 | 9.8 Critical |
| A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution. | ||||
| CVE-2024-8782 | 2 Heyewei, Jfinalcms Project | 2 Jfinalcms, Jfinalcms | 2024-09-19 | 6.3 Medium |
| A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-27916 | 2024-09-18 | 8.1 High | ||
| Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic. | ||||