Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6021 | 1 Ray Project | 1 Ray | 2023-12-06 | N/A | 7.5 HIGH |
| LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 | |||||
| CVE-2023-6023 | 1 Vertaai | 1 Modeldb | 2023-11-28 | N/A | 7.5 HIGH |
| An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter. | |||||
| CVE-2023-6130 | 1 Salesagility | 1 Suitecrm | 2023-11-17 | N/A | 8.8 HIGH |
| Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | |||||
| CVE-2023-0104 | 1 Weintek | 1 Easybuilder Pro | 2023-11-07 | N/A | 7.8 HIGH |
| The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. | |||||
| CVE-2023-1177 | 1 Lfprojects | 1 Mlflow | 2023-11-02 | N/A | 9.8 CRITICAL |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | |||||
| CVE-2022-2788 | 1 Emerson | 1 Electric\'s Proficy | 2023-06-28 | N/A | 7.3 HIGH |
| Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code. | |||||
| CVE-2023-2984 | 2 Microsoft, Pimcore | 2 Windows, Pimcore | 2023-06-05 | N/A | 8.8 HIGH |
| Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. | |||||
| CVE-2023-2780 | 1 Lfprojects | 1 Mlflow | 2023-05-25 | N/A | 9.8 CRITICAL |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | |||||
| CVE-2023-1034 | 1 Salesagility | 1 Suitecrm | 2023-03-06 | N/A | 8.8 HIGH |
| Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. | |||||
| CVE-2023-0316 | 1 Froxlor | 1 Froxlor | 2023-01-24 | N/A | 5.5 MEDIUM |
| Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor prior to 2.0.0. | |||||