Total
48 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8497 | 1 Franklinfueling | 1 Ts-550 Evo Firmware | 2024-09-26 | 7.5 High |
Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 contain a file that can be read arbitrarily, which could allow an attacker to obtain administrator credentials. | ||||
CVE-2024-8778 | 1 Syscomgo | 1 Omflow | 2024-09-20 | 6.5 Medium |
OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files. | ||||
CVE-2021-21586 | 1 Dell | 1 Wyse Management Suite | 2024-09-17 | 8.1 High |
Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system. | ||||
CVE-2021-30173 | 1 Junhetec | 1 Omnidirectional Communication System | 2024-09-17 | 6.5 Medium |
Local File Inclusion vulnerability of the omni-directional communication system allows a remote authenticated attacker to inject an absolute path into the Url parameter and access arbitrary files. | ||||
CVE-2018-20250 | 1 Rarlab | 1 Winrar | 2024-09-17 | 7.8 High |
In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path. | ||||
CVE-2021-32506 | 1 Qsan | 1 Storage Manager | 2024-09-16 | 6.5 Medium |
Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
CVE-2021-32507 | 1 Qsan | 1 Storage Manager | 2024-09-16 | 6.5 Medium |
Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
CVE-2024-7323 | 1 Digiwin | 1 Easyflow .net | 2024-09-11 | 6.5 Medium |
Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality does not adequately filter user input. A remote attacker with regular privileges can exploit this vulnerability to download arbitrary files from the remote server. | ||||
CVE-2024-1703 | | | 2024-08-27 | 3.5 Low |
A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-41830 | | | 2024-08-15 | 6.5 Medium |
An improper absolute path traversal vulnerability was reported for the Ready For application, allowing a local application to access files without authorization. | ||||
CVE-2024-33620 | | | 2024-08-13 | 8.6 High |
Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker. | ||||
CVE-2017-7929 | 1 Advantech | 1 Webaccess | 2024-08-05 | N/A |
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories. | ||||
CVE-2024-28806 | | | 2024-08-05 | 7.5 High |
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path. | ||||
CVE-2022-24877 | 1 Fluxcd | 2 Flux2, Kustomize-controller | 2024-08-03 | 9.9 Critical |
Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly escalate privileges in multi-tenancy deployments. Workarounds include automated tooling in the user's CI/CD pipeline to validate that `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. | ||||
CVE-2022-20958 | 1 Cisco | 1 Broadworks Commpilot Application | 2024-08-03 | 8.3 High |
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other devices on the network. | ||||
CVE-2022-1554 | 1 Clinical-genomics | 1 Scout | 2024-08-03 | 7.5 High |
Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. | ||||
CVE-2023-50955 | | | 2024-08-02 | 2.4 Low |
IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777. | ||||
CVE-2023-36786 | 1 Microsoft | 1 Skype For Business Server | 2024-08-02 | 7.2 High |
Skype for Business Remote Code Execution Vulnerability | ||||
CVE-2023-32054 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-08-02 | 7.3 High |
Volume Shadow Copy Elevation of Privilege Vulnerability | ||||
CVE-2023-30970 | 1 Palantir | 2 Gotham Blackbird-witchcraft, Gotham Static-assets-servlet | 2024-08-02 | 6.5 Medium |
Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system. |