Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4861 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-3949 | 1 Tp-link | 2 Tl-r600vpn, Tl-r600vpn Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability. | |||||
| CVE-2018-3822 | 1 Elastic | 1 X-pack | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account which an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw. | |||||
| CVE-2018-3787 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server. | |||||
| CVE-2018-3770 | 1 Markdown-pdf Project | 1 Markdown-pdf | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files. | |||||
| CVE-2018-3766 | 1 Buttle Project | 1 Buttle | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server. | |||||
| CVE-2018-3760 | 3 Debian, Redhat, Sprockets Project | 4 Debian Linux, Cloudforms, Enterprise Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. | |||||
| CVE-2018-3758 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. | |||||
| CVE-2018-3744 | 1 Html-pages Project | 1 Html-pages | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL. | |||||
| CVE-2018-3734 | 1 Stattic Project | 1 Stattic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3733 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3732 | 1 Resolve-path Project | 1 Resolve-path | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3731 | 1 Public.js Project | 1 Public.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3730 | 1 Mcstatic Project | 1 Mcstatic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3729 | 1 Localhost-now Project | 1 Localhost-now | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3727 | 1 626 Project | 1 626 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| 626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3725 | 1 Hekto Project | 1 Hekto | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3724 | 1 General-file-server Project | 1 General-file-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3715 | 1 Glance Project | 1 Glance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. | |||||
| CVE-2018-3714 | 1 Node-srv Project | 1 Node-srv | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | |||||