Total
6640 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-27534 | 6 Broadcom, Fedoraproject, Haxx and 3 more | 15 Brocade Fabric Operating System Firmware, Fedora, Curl and 12 more | 2024-08-02 | 8.8 High |
A path traversal vulnerability in the SFTP implementation of curl <8.0.0 causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | ||||
CVE-2023-27507 | 1 Microengine | 1 Mailform | 2024-08-02 | 9.8 Critical |
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | ||||
CVE-2023-27501 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-02 | 8.7 High |
SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted, making the system unavailable and causing significant impact on both availability and integrity. | ||||
CVE-2023-27500 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-02 | 9.6 Critical |
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable. | ||||
CVE-2023-27475 | 1 Goutil Project | 1 Goutil | 2024-08-02 | 8.8 High |
Goutil is a collection of miscellaneous functionality for the Go language. In versions prior to 0.6.0, when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0; users are advised to upgrade. There are no known workarounds for this issue. | ||||
CVE-2023-27409 | 1 Siemens | 2 Scalance Lpe9403, Scalance Lpe9403 Firmware | 2024-08-02 | 2.5 Low |
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the `deviceinfo` binary via the `mac` parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named `address`. | ||||
CVE-2023-27311 | 1 Netapp | 1 Blue Xp Connector | 2024-08-02 | 5.3 Medium |
NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector. | ||||
CVE-2023-27269 | 1 Sap | 1 Netweaver Application Server Abap | 2024-08-02 | 9.6 Critical |
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable. | ||||
CVE-2023-27105 | 1 Shanling | 3 Eddict Player, M2x, Mtouch Os | 2024-08-02 | 9.8 Critical |
A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal. | ||||
CVE-2023-27067 | 1 Sitecore | 1 Experience Platform | 2024-08-02 | 7.5 High |
Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via a crafted command to download.aspx. | ||||
CVE-2023-27066 | 1 Sitecore | 1 Experience Platform | 2024-08-02 | 6.5 Medium |
Directory Traversal vulnerability in Sitecore Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. | ||||
CVE-2023-27055 | 1 Aver | 1 Ptzapp 2 | 2024-08-02 | 7.5 High |
Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request. | ||||
CVE-2023-26969 | 1 Atrocore | 1 Atropim | 2024-08-02 | 7.5 High |
Atropim 1.5.26 is vulnerable to Directory Traversal. | ||||
CVE-2023-26758 | 1 Smeup | 1 Erp | 2024-08-02 | 7.5 High |
Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerability via the component /ResourceService. | ||||
CVE-2023-26526 | | | 2024-08-02 | 7.7 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls. This issue affects Bookly: from n/a through 21.7.1. | ||||
CVE-2023-26820 | 1 Siteproxy Project | 1 Siteproxy | 2024-08-02 | 7.5 High |
siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js. | ||||
CVE-2023-26559 | 1 Sync | 2 Oxygen Content Fusion, Oxygen Xml Web Author | 2024-08-02 | 5.3 Medium |
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. (XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build 2023021715 are also fixed versions.) | ||||
CVE-2023-26802 | 1 Dcnglobal | 2 Dcbi-netlog-lab, Dcbi-netlog-lab Firmware | 2024-08-02 | 9.8 Critical |
An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request. | ||||
CVE-2023-26441 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-08-02 | 5.7 Medium |
Cacheservice did not correctly check if relative cache objects were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the services system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known. | ||||
CVE-2023-26361 | 1 Adobe | 1 Coldfusion | 2024-08-02 | 4.9 Medium |
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user interaction, but does require administrator privileges. |