Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27145 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27144 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-27121 | 2024-11-21 | N/A | 7.2 HIGH | ||
| Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an administrative privilege. As for the details of the affected product names/versions, see the information provided by the vendor under [References] section. | |||||
| CVE-2024-25859 | 2024-11-21 | N/A | 7.1 HIGH | ||
| A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code. | |||||
| CVE-2024-25830 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password. | |||||
| CVE-2024-25614 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. | |||||
| CVE-2024-25567 | 2024-11-21 | N/A | 8.1 HIGH | ||
| Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten. | |||||
| CVE-2024-25461 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component. | |||||
| CVE-2024-25386 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file. | |||||
| CVE-2024-25164 | 2024-11-21 | N/A | 7.5 HIGH | ||
| iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality. | |||||
| CVE-2024-25136 | 2024-11-21 | N/A | 7.5 HIGH | ||
| There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content. | |||||
| CVE-2024-25125 | 1 Treasuredata | 1 Digdag | 2024-11-21 | N/A | 5.3 MEDIUM |
| Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-25006 | 2024-11-21 | N/A | 8.1 HIGH | ||
| XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import. | |||||
| CVE-2024-25000 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-24999 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-24997 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-24994 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
| CVE-2024-24942 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives | |||||
| CVE-2024-24940 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A | 2.8 LOW |
| In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives | |||||
| CVE-2024-24938 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation | |||||