Total
6500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0918 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-08-05 | N/A |
| Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution. | ||||
| CVE-2018-1002208 | 1 Sharpziplib Project | 1 Sharpziplib | 2024-08-05 | 5.5 Medium |
| SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||||
| CVE-2018-1002202 | 1 Zip4j Project | 1 Zip4j | 2024-08-05 | N/A |
| zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||||
| CVE-2018-1002204 | 1 Adm-zip Project | 1 Adm-zip | 2024-08-05 | 5.5 Medium |
| adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||||
| CVE-2018-1002200 | 3 Codehaus-plexus, Debian, Redhat | 6 Plexus-archiver, Debian Linux, Enterprise Linux and 3 more | 2024-08-05 | N/A |
| plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||||
| CVE-2018-1000850 | 2 Redhat, Squareup | 2 Jboss Fuse, Retrofit | 2024-08-05 | N/A |
| Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later. | ||||
| CVE-2018-1000863 | 2 Jenkins, Redhat | 3 Jenkins, Openshift, Openshift Container Platform | 2024-08-05 | N/A |
| A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins. | ||||
| CVE-2018-1000801 | 3 Debian, Kde, Redhat | 3 Debian Linux, Okular, Enterprise Linux | 2024-08-05 | N/A |
| okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 | ||||
| CVE-2018-1000550 | 2 Debian, Sympa | 2 Debian Linux, Sympa | 2024-08-05 | N/A |
| The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32. | ||||
| CVE-2018-1000544 | 3 Debian, Redhat, Rubyzip Project | 4 Debian Linux, Cloudforms, Cloudforms Managementengine and 1 more | 2024-08-05 | 9.8 Critical |
| rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. | ||||
| CVE-2018-1000532 | 1 Beep Project | 1 Beep | 2024-08-05 | N/A |
| beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep. | ||||
| CVE-2018-1000194 | 2 Jenkins, Oracle | 2 Jenkins, Communications Cloud Native Core Automated Test Suite | 2024-08-05 | 8.1 High |
| A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. | ||||
| CVE-2018-1000406 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-05 | N/A |
| A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. | ||||
| CVE-2018-1000161 | 1 Nmap | 1 Nmap | 2024-08-05 | N/A |
| nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. | ||||
| CVE-2018-1000079 | 2 Redhat, Rubygems | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2024-08-05 | N/A |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. | ||||
| CVE-2018-1000083 | 1 Ajenti | 1 Ajenti | 2024-08-05 | N/A |
| Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server. | ||||
| CVE-2018-1000073 | 2 Redhat, Rubygems | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2024-08-05 | N/A |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. | ||||
| CVE-2018-25094 | 1 Kotchasan | 1 Online Accounting System | 2024-08-05 | 3.5 Low |
| A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 9d9618422b980335bb30be612ea90f4f56cb992c. It is recommended to upgrade the affected component. The identifier VDB-246641 was assigned to this vulnerability. | ||||
| CVE-2018-25059 | 1 Pastebinit Project | 1 Pastebinit | 2024-08-05 | 3.5 Low |
| A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of the patch is 1af2facb6d95976c532b7f8f82747d454a092272. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217040. | ||||
| CVE-2018-25048 | 1 Codesys | 15 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 12 more | 2024-08-05 | 8.8 High |
| The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. | ||||