Total
6435 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-28698 | | | 2024-08-02 | 9.8 Critical |
Directory Traversal vulnerability in Marimer LLC CSLA .Net before 8.0 allows a remote attacker to execute arbitrary code via a crafted script to the MobileFormatter component. | ||||
CVE-2024-28151 | | | 2024-08-02 | 4.3 Medium |
Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it. | ||||
CVE-2024-28073 | | | 2024-08-02 | 8.4 High |
SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | ||||
CVE-2024-27984 | | | 2024-08-02 | N/A |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. | ||||
CVE-2024-27977 | 1 Ivanti | 1 Avalanche | 2024-08-02 | N/A |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. | ||||
CVE-2024-27971 | 1 Premmerce | 1 Permalink Manager For Woocommerce | 2024-08-02 | 8.3 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion. This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10. | ||||
CVE-2024-27976 | 1 Ivanti | 1 Avalanche | 2024-08-02 | N/A |
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
CVE-2024-27946 | 1 Siemens | 1 Ruggedcom Crossbow | 2024-08-02 | 6.5 Medium |
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename for the target file can be specified, thus arbitrary files can be overwritten by an attacker with the required privileges. | ||||
CVE-2024-27954 | 1 Wp Automatic | 1 Automatic | 2024-08-02 | 9.3 Critical |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery. This issue affects Automatic: from n/a through 3.92.0. | ||||
CVE-2024-27921 | 1 Getgrav | 1 Grav | 2024-08-02 | 8.8 High |
Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks that can allow attackers to inject arbitrary code on the server, undermine the integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue. | ||||
CVE-2024-27827 | | | 2024-08-02 | 6.2 Medium |
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files. | ||||
CVE-2024-27821 | 1 Apple | 4 Ios, Ipad Os, Macos and 1 more | 2024-08-02 | 7.5 High |
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent. | ||||
CVE-2024-27771 | | | 2024-08-02 | 8.8 High |
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | ||||
CVE-2024-27776 | | | 2024-08-02 | 9.8 Critical |
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE | ||||
CVE-2024-27768 | | | 2024-08-02 | 9.8 Critical |
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE | ||||
CVE-2024-27575 | 1 Inotec | 1 Gmbh Webserver | 2024-08-02 | 7.5 High |
INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI. | ||||
CVE-2024-27177 | | | 2024-08-02 | 7.2 High |
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enabled by falsifying the package name variable. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For details on the related other vulnerabilities, please ask the contact point below. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | ||||
CVE-2024-27174 | | | 2024-08-02 | 9.8 Critical |
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For details on the related other vulnerabilities, please ask the contact point below. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | ||||
CVE-2024-27178 | | | 2024-08-02 | 7.2 High |
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enabled by falsifying the file name variable. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For details on the related other vulnerabilities, please ask the contact point below. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | ||||
CVE-2024-27145 | | | 2024-08-02 | 9.8 Critical |
The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For details on the related other vulnerabilities, please ask the contact point below. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. |