Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-48389 | 1 Multisuns | 2 Easylog Web\+, Easylog Web\+ Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | |||||
| CVE-2023-48383 | 1 Netvision | 1 Airpass | 2024-11-21 | N/A | 7.5 HIGH |
| NetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | |||||
| CVE-2023-48382 | 1 Softnext | 1 Mail Sqr Expert | 2024-11-21 | N/A | 6.5 MEDIUM |
| Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | |||||
| CVE-2023-48381 | 1 Softnext | 1 Mail Sqr Expert | 2024-11-21 | N/A | 6.5 MEDIUM |
| Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion (LFI) vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | |||||
| CVE-2023-48378 | 1 Softnext | 1 Mail Sqr Expert | 2024-11-21 | N/A | 7.5 HIGH |
| Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | |||||
| CVE-2023-48373 | 1 Itpison | 1 Omicard Edm | 2024-11-21 | N/A | 7.5 HIGH |
| ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | |||||
| CVE-2023-48299 | 1 Pytorch | 1 Torchserve | 2024-11-21 | N/A | 5.3 MEDIUM |
| TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in open-source/public models, which can be downloaded from the internet, and take advantage of machines running Torchserve. The ZipSlip issue in TorchServe has been fixed by validating the paths of files contained within a zip archive before extracting them. TorchServe release 0.9.0 includes fixes to address the ZipSlip vulnerability. | |||||
| CVE-2023-48249 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users. | |||||
| CVE-2023-48246 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
| CVE-2023-48243 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 8.1 HIGH |
| The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device. | |||||
| CVE-2023-48242 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. | |||||
| CVE-2023-48185 | 1 Terra-mater | 1 Terra-master | 2024-11-21 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request. | |||||
| CVE-2023-48166 | 1 Unify | 1 Openscape Voice | 2024-11-21 | N/A | 7.5 HIGH |
| A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system. | |||||
| CVE-2023-47890 | 1 Pyload | 1 Pyload | 2024-11-21 | N/A | 8.8 HIGH |
| pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. | |||||
| CVE-2023-47843 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog.This issue affects CataBlog: from n/a through 1.7.0. | |||||
| CVE-2023-47702 | 3 Ibm, Linux, Microsoft | 4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view modify files on the system. IBM X-Force ID: 271196. | |||||
| CVE-2023-47624 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-11-21 | N/A | 7.5 HIGH |
| Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available. | |||||
| CVE-2023-47613 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system. | |||||
| CVE-2023-47473 | 1 Fuwushe | 1 Ifair | 2024-11-21 | N/A | 7.5 HIGH |
| Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script. | |||||
| CVE-2023-47467 | 1 Jeecg | 1 Jeecg-boot | 2024-11-21 | N/A | 6.5 MEDIUM |
| Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. | |||||