Total
6458 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7603 | 1 Logsign | 1 Unified Secops Platform | 2024-08-23 | 8.1 High |
| Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete directories in the context of root. Was ZDI-CAN-25028. | ||||
| CVE-2024-7602 | 1 Logsign | 1 Unified Secops Platform | 2024-08-23 | 6.5 Medium |
| Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-25027. | ||||
| CVE-2024-7601 | 1 Logsign | 1 Unified Secops Platform | 2024-08-23 | 8.1 High |
| Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was ZDI-CAN-25026. | ||||
| CVE-2024-7600 | 1 Logsign | 1 Unified Secops Platform | 2024-08-23 | 8.1 High |
| Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of root. Was ZDI-CAN-25025. | ||||
| CVE-2024-24579 | 1 Anchore | 1 Stereoscope | 2024-08-23 | 5.3 Medium |
| stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of `github.com/anchore/stereoscope/pkg/file.UntarToDirectory()` function, the `github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider` struct, or the higher level `github.com/anchore/stereoscope/pkg/image.Image.Read()` function express this vulnerability. As a workaround, if you are using the OCI archive as input into stereoscope then you can switch to using an OCI layout by unarchiving the tar archive and provide the unarchived directory to stereoscope. | ||||
| CVE-2023-7260 | 1 Opentext | 1 Cx-e Voice | 2024-08-23 | N/A |
| Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system. | ||||
| CVE-2024-7634 | 2024-08-23 | 4.9 Medium | ||
| NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory. | ||||
| CVE-2024-41704 | 1 Librechat | 1 Librechat | 2024-08-22 | 9.8 Critical |
| LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. | ||||
| CVE-2024-34832 | 1 Cubecart | 1 Cubecart | 2024-08-22 | 9.8 Critical |
| Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters. | ||||
| CVE-2024-24938 | 1 Jetbrains | 1 Teamcity | 2024-08-22 | 5.3 Medium |
| In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation | ||||
| CVE-2024-23671 | 2024-08-22 | 7.9 High | ||
| A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 through 4.4.3 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2024-1630 | 2024-08-22 | 7.7 High | ||
| Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component | ||||
| CVE-2024-6164 | 1 Ymc-22 | 1 Filter \& Grids | 2024-08-22 | 9.8 Critical |
| The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the post_layout parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. | ||||
| CVE-2024-36795 | 2024-08-22 | 4.0 Medium | ||
| Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. | ||||
| CVE-2024-23467 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-22 | 9.6 Critical |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution. | ||||
| CVE-2024-23468 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-22 | 7.6 High |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | ||||
| CVE-2024-23472 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-22 | 9.6 Critical |
| SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM. | ||||
| CVE-2024-28992 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-22 | 7.6 High |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | ||||
| CVE-2024-28993 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-22 | 7.6 High |
| The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | ||||
| CVE-2024-23466 | 1 Solarwinds | 1 Access Rights Manager | 2024-08-22 | 9.6 Critical |
| SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. | ||||