Vulnerabilities (CVE)

Filtered by CWE-23
Total 269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-3122 2024-11-21 N/A 4.9 MEDIUM
CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system.
CVE-2024-3025 2024-11-21 N/A 9.9 CRITICAL
mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database.
CVE-2024-37138 1 Dell 1 Data Domain Operating System 2024-11-21 N/A 4.1 MEDIUM
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system.
CVE-2024-35186 2024-11-21 N/A 8.8 HIGH
gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of confidentiality, integrity, and availability, but creating files outside a working tree without attempting to execute code can directly impact integrity as well. This vulnerability has been patched in version(s) 0.36.0.
CVE-2024-34712 2024-11-21 N/A 6.5 MEDIUM
Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as `Client.rest.channels.removeBan` is not url-encoded, resulting in specially crafted input such as `../../../channels/{id}` being normalized into the url `/api/v10/channels/{id}`, and deleting a channel rather than removing a ban. Version 1.10.4 fixes this issue. Some workarounds are available. One may sanitize user input, ensuring strings are valid for the purpose they are being used for. One may also encode input with `encodeURIComponent` before providing it to the library.
CVE-2024-33615 2024-11-21 N/A 8.8 HIGH
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.
CVE-2024-32005 2024-11-21 N/A 8.2 HIGH
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-2461 2024-11-21 N/A N/A
If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible
CVE-2024-24942 1 Jetbrains 1 Teamcity 2024-11-21 N/A 5.3 MEDIUM
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives
CVE-2024-24940 1 Jetbrains 1 Intellij Idea 2024-11-21 N/A 2.8 LOW
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
CVE-2024-24938 1 Jetbrains 1 Teamcity 2024-11-21 N/A 5.3 MEDIUM
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation
CVE-2024-24578 2024-11-21 N/A 10.0 CRITICAL
RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch.
CVE-2024-22421 2 Fedoraproject, Jupyter 3 Fedora, Jupyterlab, Notebook 2024-11-21 N/A 7.6 HIGH
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix.
CVE-2024-22415 1 Jupyter 1 Language Server Protocol Integration 2024-11-21 N/A 7.3 HIGH
jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp.
CVE-2024-22398 2024-11-21 N/A 4.9 MEDIUM
An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system.
CVE-2024-22226 1 Dell 1 Unity Operating Environment 2024-11-21 N/A 3.3 LOW
Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.
CVE-2024-22096 1 Rapidscada 1 Rapid Scada 2024-11-21 N/A 6.5 MEDIUM
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system.
CVE-2024-20352 2024-11-21 N/A 4.9 MEDIUM
A vulnerability in Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a directory traversal attack, which could allow the attacker to perform arbitrary actions on an affected device. This vulnerability is due to insufficient protections for the web UI of an affected system. An attacker could exploit this vulnerability by sending crafted requests to the web UI. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user, such as accessing password or log files or uploading and deleting existing files from the system.
CVE-2024-20310 2024-11-21 N/A 6.1 MEDIUM
A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against an authenticated user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
CVE-2024-1485 2 Devfile, Redhat 3 Registry-support, Openshift, Openshift Developer Tools And Services 2024-11-21 N/A 8.0 HIGH
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.