Total
6050 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34062 | 1 Pivotal | 1 Reactor Netty | 2023-11-21 | N/A | 7.5 HIGH |
| In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources. | |||||
| CVE-2023-35887 | 1 Apache | 1 Sshd | 2023-11-21 | N/A | 4.3 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10 | |||||
| CVE-2023-32278 | 1 Intel | 5 Nuc M15 Laptop Kit Evo Laprc510, Nuc M15 Laptop Kit Evo Laprc710, Nuc M15 Laptop Kit Laprc510 and 2 more | 2023-11-20 | N/A | 7.3 HIGH |
| Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-32655 | 1 Intel | 6 Nuc 8 Business Nuc8i7hnkqc, Nuc 8 Enthusiast Nuc8i7hvkva, Nuc 8 Enthusiast Nuc8i7hvkvaw and 3 more | 2023-11-20 | N/A | 7.3 HIGH |
| Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-33878 | 1 Intel | 2 Audio Install Package, Nuc P14e Laptop Element Cmcn1cc | 2023-11-20 | N/A | 7.8 HIGH |
| Path transversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-27229 | 1 Intel | 11 Hdmi Firmware, Nuc 7 Business Nuc7i3dnhnc, Nuc 7 Business Nuc7i3dnktc and 8 more | 2023-11-20 | N/A | 7.8 HIGH |
| Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-39331 | 1 Nodejs | 1 Node.js | 2023-11-17 | N/A | 7.5 HIGH |
| A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | |||||
| CVE-2023-39332 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2023-11-17 | N/A | 9.8 CRITICAL |
| Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects. This is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | |||||
| CVE-2023-45880 | 1 Gibbonedu | 1 Gibbon | 2023-11-17 | N/A | 7.2 HIGH |
| GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot. | |||||
| CVE-2022-28148 | 2 Jenkins, Microsoft | 2 Continuous Integration With Toad Edge, Windows | 2023-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. | |||||
| CVE-2022-28146 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2023-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. | |||||
| CVE-2023-40054 | 1 Solarwinds | 1 Network Configuration Manager | 2023-11-17 | N/A | 8.8 HIGH |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33226 | |||||
| CVE-2023-40055 | 1 Solarwinds | 1 Network Configuration Manager | 2023-11-17 | N/A | 8.8 HIGH |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-33227 | |||||
| CVE-2023-47613 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2023-11-16 | N/A | 7.1 HIGH |
| A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system. | |||||
| CVE-2023-36667 | 1 Couchbase | 1 Couchbase Server | 2023-11-15 | N/A | 7.5 HIGH |
| Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. | |||||
| CVE-2023-46253 | 1 Squidex.io | 1 Squidex | 2023-11-15 | N/A | 7.2 HIGH |
| Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the `squidex.admin.restore` permission to create and restore backups. Part of these backups are the assets uploaded to an App. For each asset, the backup zip archive contains a `.asset` file with the actual content of the asset as well as a related `AssetCreatedEventV2` event, which is stored in a JSON file. Amongst other things, the JSON file contains the event type (`AssetCreatedEventV2`), the ID of the asset (`46c05041-9588-4179-b5eb-ddfcd9463e1e`), its filename (`test.txt`), and its file version (`0`). When a backup with this event is restored, the `BackupAssets.ReadAssetAsync` method is responsible for re-creating the asset. For this purpose, it determines the name of the `.asset` file in the zip archive, reads its content, and stores the content in the filestore. When the asset is stored in the filestore via the UploadAsync method, the assetId and fileVersion are passed as arguments. These are further passed to the method GetFileName, which determines the filename where the asset should be stored. The assetId is inserted into the filename without any sanitization and an attacker with squidex.admin.restore privileges to run arbitrary operating system commands on the underlying server (RCE). | |||||
| CVE-2022-23107 | 1 Jenkins | 1 Warnings Next Generation | 2023-11-15 | 5.5 MEDIUM | 8.1 HIGH |
| Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. | |||||
| CVE-2023-21268 | 1 Google | 1 Android | 2023-11-15 | N/A | 5.5 MEDIUM |
| In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-5355 | 1 Getawesomesupport | 1 Awesome Support | 2023-11-14 | N/A | 8.1 HIGH |
| The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server. | |||||
| CVE-2023-39299 | 1 Qnap | 1 Music Station | 2023-11-14 | N/A | 7.5 HIGH |
| A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.23 and later | |||||