Filtered by CWE-22
Total 7067 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-34216 1 Moxa 4 Tn-4900, Tn-4900 Firmware, Tn-5900 and 1 more 2024-11-21 8.1 High
TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files.
CVE-2023-34208 1 Easyuse 1 Mailhunter Ultimate 2024-11-21 6.5 Medium
Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.
CVE-2023-34135 1 Sonicwall 2 Analytics, Global Management System 2024-11-21 6.5 Medium
Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
CVE-2023-34129 1 Sonicwall 2 Analytics, Global Management System 2024-11-21 8.8 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
CVE-2023-34125 1 Sonicwall 2 Analytics, Global Management System 2024-11-21 6.5 Medium
Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
CVE-2023-34117 1 Zoom 1 Zoom Software Development Kit 2024-11-21 3.3 Low
Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.
CVE-2023-34062 1 Pivotal 1 Reactor Netty 2024-11-21 7.5 High
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
CVE-2023-33989 1 Sap 1 Netweaver Bi Content 2024-11-21 8.7 High
An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confidential files cannot be read but potentially some OS files can be over-written leading to system compromise.
CVE-2023-33878 1 Intel 2 Audio Install Package, Nuc P14e Laptop Element Cmcn1cc 2024-11-21 6.7 Medium
Path traversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-33777 1 Prestashop 1 Amazon 2024-11-21 5.3 Medium
An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack.
CVE-2023-33756 1 Foswiki 1 Foswiki 2024-11-21 7.5 High
An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal.
CVE-2023-33369 1 Assaabloy 1 Control Id Idsecure 2024-11-21 9.1 Critical
A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service.
CVE-2023-33365 1 Supremainc 1 Biostar 2 2024-11-21 7.5 High
A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server.
CVE-2023-33310 2024-11-21 6 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion. This issue affects Unite Gallery Lite: from n/a through 1.7.59.
CVE-2023-33227 1 Solarwinds 1 Network Configuration Manager 2024-11-21 8 High
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.
CVE-2023-33226 1 Solarwinds 1 Network Configuration Manager 2024-11-21 8 High
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.
CVE-2023-32974 1 Qnap 3 Qts, Quts Hero, Qutscloud 2024-11-21 7.5 High
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.0.2444 build 20230629 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTScloud c5.1.0.2498 and later.
CVE-2023-32756 1 Edetw 1 U-office Force 2024-11-21 7.5 High
e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt service.
CVE-2023-32676 1 Autolabproject 1 Autolab 2024-11-21 6.7 Medium
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade.
CVE-2023-32655 1 Intel 6 Nuc 8 Business Nuc8i7hnkqc, Nuc 8 Enthusiast Nuc8i7hvkva, Nuc 8 Enthusiast Nuc8i7hvkvaw and 3 more 2024-11-21 6.7 Medium
Path traversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installation software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.