Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24592 | 1 Intel | 5 Advisor, Inspector, Mpi Library and 2 more | 2024-11-21 | N/A | 7.3 HIGH |
| Path traversal in some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-24416 | | | 2024-11-21 | N/A | 6.8 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arne Franken All In One Favicon. This issue affects All In One Favicon: from n/a through 4.7. | |||||
| CVE-2023-24379 | | | 2024-11-21 | N/A | 6.8 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal. This issue affects Landing Page Builder – Free Landing Page Templates: from n/a through 3.1.9.9. | |||||
| CVE-2023-24256 | 1 Nio | 2 Aspen, Ec6 | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal. | |||||
| CVE-2023-23946 | 1 Git-scm | 1 Git | 2024-11-21 | N/A | 6.2 MEDIUM |
| Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. | |||||
| CVE-2023-23907 | 1 Milesight | 1 Milesightvpn | 2024-11-21 | N/A | 7.5 HIGH |
| A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-23872 | | | 2024-11-21 | N/A | 4.9 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in German Mesky GMAce allows Path Traversal. This issue affects GMAce: from n/a through 1.5.2. | |||||
| CVE-2023-23842 | 1 Solarwinds | 1 Network Configuration Monitor | 2024-11-21 | N/A | 7.2 HIGH |
| The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | |||||
| CVE-2023-23784 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 5.7 MEDIUM |
| A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to cause information disclosure via specially crafted web requests. | |||||
| CVE-2023-23778 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | N/A | 4.9 MEDIUM |
| A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests. | |||||
| CVE-2023-23760 | 1 Github | 1 Enterprise Server | 2024-11-21 | N/A | 4.9 MEDIUM |
| A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2023-23700 | | | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion. This issue affects OceanWP: from n/a through 3.4.1. | |||||
| CVE-2023-23608 | 1 Spotipy Project | 1 Spotipy | 2024-11-21 | N/A | N/A |
| Spotipy is a light weight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and URLs allows an attacker to insert arbitrary characters into the path that is used for API requests. Because it is possible to include "..", an attacker can redirect for example a track lookup via spotifyApi.track() to an arbitrary API endpoint like playlists, but this is possible for other endpoints as well. The impact of this vulnerability depends heavily on what operations a client application performs when it handles a URI from a user and how it uses the responses it receives from the API. This issue is patched in version 2.22.1. | |||||
| CVE-2023-23547 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2023-23366 | 1 Qnap | 1 Music Station | 2024-11-21 | N/A | 7.7 HIGH |
| A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | |||||
| CVE-2023-23365 | 1 Qnap | 1 Music Station | 2024-11-21 | N/A | 7.7 HIGH |
| A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | |||||
| CVE-2023-23063 | 1 Cellinx | 1 Nvt Web Server | 2024-11-21 | N/A | 7.5 HIGH |
| Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. | |||||
| CVE-2023-22973 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.8 HIGH |
| A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. | |||||
| CVE-2023-22914 | 1 Zyxel | 22 Usg Flex 100, Usg Flex 100 Firmware, Usg Flex 100w and 19 more | 2024-11-21 | N/A | 7.2 HIGH |
| A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled. | |||||
| CVE-2023-22901 | 1 Changingtec | 1 Mobile One Time Password | 2024-11-21 | N/A | 4.9 MEDIUM |
| ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files. | |||||
