Total: 7067 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-55657 | | | 2024-12-12 | N/A | SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in SiYuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to read sensitive files on the host system. Version 3.1.16 contains a patch for the issue.
CVE-2024-55658 | | | 2024-12-12 | N/A | SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/export/exportResources` endpoint is vulnerable to arbitrary file read via path traversal. The `paths` parameter can be manipulated to access and download arbitrary files from the host system by traversing out of the workspace directory structure. Version 3.1.16 contains a patch for the issue.
CVE-2024-55659 | | | 2024-12-12 | N/A | SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in SiYuan is vulnerable to both arbitrary file write on the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue.
CVE-2024-8647 | 1 Gitlab | 1 Gitlab | 2024-12-12 | 5.4 Medium | An issue was discovered in GitLab affecting all versions from 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self-hosted installs, it was possible to leak the anti-CSRF token to an external site while the Harbor integration was enabled.
CVE-2024-50626 | | | 2024-12-12 | 8.8 High | An issue was discovered in Digi ConnectPort LTS before 1.4.12. A directory traversal vulnerability exists in WebFS. An attacker on the local area network can insert traversal sequences into URLs, potentially gaining unauthorized access to data.
CVE-2023-35844 | 1 Lightdash | 1 Lightdash | 2024-12-12 | 7.5 High | `packages/backend/src/routers` in Lightdash before 0.510.3 has insecure file endpoints: they allow `..` directory traversal and do not ensure that an intended file extension (`.csv` or `.png`) is used.
CVE-2023-35843 | 1 Nocodb | 1 Nocodb | 2024-12-12 | 7.5 High | NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the `/download` route. This could expose sensitive files and data on the server, including configuration files, source code, and other sensitive information.
CVE-2023-35840 | 1 Std42 | 1 Elfinder | 2024-12-12 | 6.5 Medium | `_joinPath` in `elFinderVolumeLocalFileSystem.class.php` in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
CVE-2023-25186 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-12-11 | 5.1 Medium | An issue was discovered on Nokia AirScale ASIKA Single RAN devices before 21B. If the CSP (acting as BTS administrator) removes the security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the baseband unit diagnostic tool AaShell (disabled by default) provides access to the baseband unit's internal filesystem from the mobile network solution's internal BTS management network.
CVE-2024-53523 | | | 2024-12-11 | 7.5 High | JSFinder at commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to directory traversal in the `find_by_file` function.
CVE-2024-53490 | | | 2024-12-11 | 7.5 High | Favorites-web 1.3.0 has a directory traversal vulnerability in `SecurityFilter.java`.
CVE-2023-35852 | 1 Oisf | 1 Suricata | 2024-12-11 | 7.5 High | In Suricata before 6.0.13, when an adversary controls an external source of rules, a dataset filename that comes from a rule may trigger absolute or relative directory traversal and lead to write access to the local filesystem. This is addressed in 6.0.13 by requiring `allow-absolute-filenames` and `allow-write` (in the datasets rules configuration section) if an installation requires traversal or writing in this situation.
CVE-2024-5154 | 2 Kubernetes, Redhat | 4 Cri-o, Enterprise Linux, Openshift and 1 more | 2024-12-11 | 8.1 High | A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (`../`). This flaw allows the container to read and write arbitrary files on the host system.
CVE-2024-44167 | 2 Apple, Mercurycom | 6 Ios And Ipados, Ipados, Iphone Os and 3 more | 2024-12-11 | 8.1 High | This issue was addressed by removing the vulnerable code. It is fixed in macOS Ventura 13.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, and macOS Sequoia 15. An app may be able to overwrite arbitrary files.
CVE-2023-50955 | 1 Ibm | 1 Infosphere Information Server | 2024-12-10 | 2.4 Low | IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation, which could aid further attacks against the system. IBM X-Force ID: 275777.
CVE-2024-55602 | | | 2024-12-10 | 7.6 High | PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (`../`) sequences into the file extension property to read arbitrary files on the system. That commit contains a patch for the issue.
CVE-2024-46909 | 1 Progress | 1 Whatsup Gold | 2024-12-10 | 9.8 Critical | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could execute code in the context of the service account.
CVE-2024-33605 | | | 2024-12-10 | 7.5 High | Improper processing of some parameters of `installed_emanual_list.html` leads to a path traversal vulnerability. For details of the affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVE-2024-53790 | 1 Ogun Labs | 1 Lenxel Core | 2024-12-09 | 7.5 High | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ogun Labs Lenxel Core for Lenxel (LNX) LMS. This issue affects Lenxel Core for Lenxel (LNX) LMS from n/a through 1.2.5.
CVE-2024-30417 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 7.5 High | Path traversal vulnerability in the Bluetooth-based sharing module. Impact: successful exploitation may affect service confidentiality.
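Most entries in this list share one root cause: a client-supplied path, or a separately supplied file extension, is joined onto a workspace directory without checking where the result lands. The Go program below is an added illustration, not code from SiYuan, cri-o, Lightdash, PwnDoc or any other project listed. It places the naive join next to a hardened one that rejects `..` sequences, absolute paths (the Suricata dataset case) and symlinks pointing out of the tree (the cri-o case), and validates a name plus extension pair so that `../` cannot be smuggled in through the extension field (the Lightdash and PwnDoc cases). The function names, the workspace root and the sample paths are assumptions made for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Errors returned for rejected input (names are the example's own).
var (
	ErrOutsideRoot  = errors.New("path resolves outside the workspace root")
	ErrBadName      = errors.New("file name must be a single path element")
	ErrBadExtension = errors.New("file extension not in allowlist")
)

// NaiveJoin is the vulnerable pattern: the user-controlled path is joined onto
// the workspace root with no check. filepath.Join cleans ".." lexically, so
// "../../etc/passwd" simply walks out of root.
func NaiveJoin(root, userPath string) string {
	return filepath.Join(root, userPath)
}

// within reports whether p is root itself or lies below it. Both arguments
// must be clean absolute paths.
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// resolveExisting resolves symlinks in the longest existing prefix of p and
// re-appends the not-yet-existing tail, so a write to a new file under a
// symlinked directory is checked against where that directory really points.
func resolveExisting(p string) (string, error) {
	tail := ""
	for {
		resolved, err := filepath.EvalSymlinks(p)
		if err == nil {
			return filepath.Join(resolved, tail), nil
		}
		if !errors.Is(err, os.ErrNotExist) {
			return "", err
		}
		parent := filepath.Dir(p)
		if parent == p { // reached the filesystem root; nothing exists
			return "", err
		}
		tail = filepath.Join(filepath.Base(p), tail)
		p = parent
	}
}

// SafeJoin joins an already URL-decoded user path onto root and rejects it if
// the result lands outside root, whether through "..", an absolute path, or a
// symlink pointing out of the tree. The returned path is the one to open.
func SafeJoin(root, userPath string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	if filepath.IsAbs(userPath) {
		return "", ErrOutsideRoot
	}
	joined := filepath.Join(absRoot, userPath)
	if !within(absRoot, joined) { // lexical check: plain "../" traversal
		return "", ErrOutsideRoot
	}
	realRoot, err := resolveExisting(absRoot)
	if err != nil {
		return "", err
	}
	realTarget, err := resolveExisting(joined)
	if err != nil {
		return "", err
	}
	if !within(realRoot, realTarget) { // physical check: symlink escapes
		return "", ErrOutsideRoot
	}
	return joined, nil
}

// safeName admits a single path element: no separators and no leading dot,
// so neither "." nor ".." nor "../x" can pass.
var safeName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*$`)

// SafeExportPath builds "<root>/<name><ext>" for endpoints that take a base
// name and an extension as separate fields. The extension must equal an
// allowlist entry, so "../../etc/passwd" cannot be passed off as one.
func SafeExportPath(root, name, ext string, allowed []string) (string, error) {
	if !safeName.MatchString(name) {
		return "", ErrBadName
	}
	ext = strings.ToLower(ext)
	allowedExt := false
	for _, a := range allowed {
		allowedExt = allowedExt || ext == strings.ToLower(a)
	}
	if !allowedExt {
		return "", ErrBadExtension
	}
	return SafeJoin(root, name+ext)
}

func main() {
	root := "/srv/workspace" // assumed workspace root; need not exist for the lexical checks
	for _, p := range []string{"notes/a.md", "../../etc/passwd", "/etc/shadow", "tpl/../../../etc/hosts"} {
		safe, err := SafeJoin(root, p)
		fmt.Printf("%-26q naive=%-22s safe=%q err=%v\n", p, NaiveJoin(root, p), safe, err)
	}
}
```

The lexical check alone would have caught the SiYuan, NocoDB and elFinder style bugs; the second, physical check is what the cri-o entry needs, because a `..`-free path can still leave the root through a symlink the attacker planted earlier. Run the check on the decoded path the handler actually opens, not on the raw URL.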