Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4423 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769. | |||||
| CVE-2019-4400 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261. | |||||
| CVE-2019-4384 | 1 Ibm | 1 Campaign | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172. | |||||
| CVE-2019-4268 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. | |||||
| CVE-2019-4252 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883. | |||||
| CVE-2019-4178 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 6.4 MEDIUM | 6.4 MEDIUM |
| IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919. | |||||
| CVE-2019-3976 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. | |||||
| CVE-2019-3967 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system. | |||||
| CVE-2019-3943 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk). | |||||
| CVE-2019-3902 | 3 Debian, Mercurial, Redhat | 3 Debian Linux, Mercurial, Enterprise Linux | 2024-11-21 | 5.8 MEDIUM | 5.1 MEDIUM |
| A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. | |||||
| CVE-2019-3880 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. | |||||
| CVE-2019-3828 | 1 Redhat | 1 Ansible | 2024-11-21 | 3.3 LOW | 4.2 MEDIUM |
| Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. | |||||
| CVE-2019-3816 | 4 Fedoraproject, Opensuse, Openwsman Project and 1 more | 11 Fedora, Leap, Openwsman and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. | |||||
| CVE-2019-3799 | 2 Oracle, Vmware | 2 Communications Cloud Native Core Policy, Spring Cloud Config | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack. | |||||
| CVE-2019-3744 | 1 Dell | 1 Digital Delivery | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges. | |||||
| CVE-2019-3737 | 1 Dell | 1 Avamar Data Migration Enabler Web Interface | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. | |||||
| CVE-2019-3720 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters. | |||||
| CVE-2019-3696 | 2 Opensuse, Suse | 5 Leap, Pcp, Linux Enterprise High Performance Computing and 2 more | 2024-11-21 | 4.4 MEDIUM | 8.4 HIGH |
| A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1. | |||||
| CVE-2019-3662 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. | |||||
| CVE-2019-3632 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input. | |||||