Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-48243 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | 8.1 High |
| The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device. | ||||
| CVE-2023-48242 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | 6.5 Medium |
| The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | ||||
| CVE-2023-48185 | 1 Terra-mater | 1 Terra-master | 2024-11-21 | 7.5 High |
| Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request. | ||||
| CVE-2023-48166 | 1 Unify | 1 Openscape Voice | 2024-11-21 | 7.5 High |
| A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system. | ||||
| CVE-2023-47890 | 1 Pyload | 1 Pyload | 2024-11-21 | 8.8 High |
| pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. | ||||
| CVE-2023-47843 | 2024-11-21 | 7.6 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0. | ||||
| CVE-2023-47702 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-11-21 | 4.3 Medium |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196. | ||||
| CVE-2023-47624 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-11-21 | 7.5 High |
| Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available. | ||||
| CVE-2023-47613 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2024-11-21 | 4.4 Medium |
| A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system. | ||||
| CVE-2023-47473 | 1 Fuwushe | 1 Ifair | 2024-11-21 | 7.5 High |
| Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script. | ||||
| CVE-2023-47467 | 1 Jeecg | 1 Jeecg-boot | 2024-11-21 | 6.5 Medium |
| Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. | ||||
| CVE-2023-47464 | 1 Gl-inet | 2 Gl-ax1800, Gl-ax1800 Firmware | 2024-11-21 | 8.8 High |
| Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function. | ||||
| CVE-2023-47440 | 1 Gladysassistant | 1 Gladys Assistant | 2024-11-21 | 6.5 Medium |
| Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine. | ||||
| CVE-2023-47313 | 1 H-mdm | 1 Headwind Mdm | 2024-11-21 | 5.4 Medium |
| Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the temporary file with an absolute path without validating it. Attackers may modify this API call by referring to arbitrary files. As a result, arbitrary files can be moved to the files directory and so they can be downloaded. | ||||
| CVE-2023-47283 | 1 Cubecart | 1 Cubecart | 2024-11-21 | 4.9 Medium |
| Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. | ||||
| CVE-2023-47279 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | 7.5 High |
| In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext credentials, or perform NTLM relaying. | ||||
| CVE-2023-47251 | 1 M-privacy | 2 Mprivacy-tools, Tightgatevnc | 2024-11-21 | 6.5 Medium |
| In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem. | ||||
| CVE-2023-47222 | 1 Qnap | 1 Media Streaming Add-on | 2024-11-21 | 9.6 Critical |
| An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later | ||||
| CVE-2023-47221 | 2024-11-21 | 5.5 Medium | ||
| A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later | ||||
| CVE-2023-47211 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2024-11-21 | 9.1 Critical |
| A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. | ||||