Total
7210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25689 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | N/A | 2.7 LOW |
| IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247618. | |||||
| CVE-2023-25688 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247606. | |||||
| CVE-2023-25652 | 2 Fedoraproject, Git-scm | 2 Fedora, Git | 2024-11-21 | N/A | 7.5 HIGH |
| Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. | |||||
| CVE-2023-25606 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A | 6.5 MEDIUM |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | |||||
| CVE-2023-25579 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 6.0 MEDIUM |
| Nextcloud server is a self hosted home cloud product. In affected versions the `OC\Files\Node\Folder::getFullPath()` function was validating and normalizing the string in the wrong order. The function is used in the `newFile()` and `newFolder()` items, which may allow to creation of paths outside of ones own space and overwriting data from other users with crafted paths. This issue has been addressed in versions 25.0.2, 24.0.8, and 23.0.12. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-25508 | 1 Nvidia | 2 Bmc, Dgx-1 | 2024-11-21 | N/A | 6.7 MEDIUM |
| NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. | |||||
| CVE-2023-25307 | 1 Mrpack-install Project | 1 Mrpack-install | 2024-11-21 | N/A | 7.8 HIGH |
| nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal. | |||||
| CVE-2023-25306 | 1 Multimc | 1 Multimc | 2024-11-21 | N/A | 7.5 HIGH |
| MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal. | |||||
| CVE-2023-25304 | 1 Prismlauncher | 1 Prism Launcher | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importing a crafted .mrpack file. | |||||
| CVE-2023-25186 | 1 Nokia | 2 Asika Airscale, Asika Airscale Firmware | 2024-11-21 | N/A | 5.1 MEDIUM |
| An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory path traversal in the Nokia BTS baseband unit diagnostic tool AaShell (which is by default disabled) provides access to the BTS baseband unit internal filesystem from the mobile network solution internal BTS management network. | |||||
| CVE-2023-25050 | 2024-11-21 | N/A | 7.1 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate: from n/a through 5.12.6. | |||||
| CVE-2023-24960 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 246333 | |||||
| CVE-2023-24836 | 1 Sun.net | 1 Ctms | 2024-11-21 | N/A | 8.8 HIGH |
| SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service. | |||||
| CVE-2023-24815 | 1 Eclipse | 1 Vert.x-web | 2024-11-21 | N/A | 4.8 MEDIUM |
| Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-24698 | 1 Foswiki | 1 Foswiki | 2024-11-21 | N/A | 7.5 HIGH |
| Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. | |||||
| CVE-2023-24592 | 1 Intel | 5 Advisor, Inspector, Mpi Library and 2 more | 2024-11-21 | N/A | 7.3 HIGH |
| Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-24416 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Arne Franken All In One Favicon.This issue affects All In One Favicon: from n/a through 4.7. | |||||
| CVE-2023-24379 | 2024-11-21 | N/A | 6.8 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal.This issue affects Landing Page Builder – Free Landing Page Templates: from n/a through 3.1.9.9. | |||||
| CVE-2023-24256 | 1 Nio | 2 Aspen, Ec6 | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal. | |||||
| CVE-2023-23946 | 1 Git-scm | 1 Git | 2024-11-21 | N/A | 6.2 MEDIUM |
| Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. | |||||