Total
7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19102 | 1 Br-automation | 1 Automation Studio | 2024-11-21 | 5.0 MEDIUM | 5.5 MEDIUM |
A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allows unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip. | |||||
CVE-2019-19088 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Gitlab Enterprise Edition (EE) 11.3 through 12.4.2 allows Directory Traversal. | |||||
CVE-2019-18978 | 3 Canonical, Debian, Rack-cors Project | 3 Ubuntu Linux, Debian Linux, Rack-cors | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. | |||||
CVE-2019-18951 | 1 Sibsoft | 1 Xfilesharing | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files. | |||||
CVE-2019-18924 | 1 Systematic | 1 Iris Webforms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ (and variations), it is possible to list all the directories and check if a particular file exists. | |||||
CVE-2019-18922 | 1 Alliedtelesis | 2 At-gs950/8, At-gs950/8 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product. | |||||
CVE-2019-18871 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. | |||||
CVE-2019-18870 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A path traversal via the iniFile parameter in excel.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to download arbitrary files from the host machine. | |||||
CVE-2019-18665 | 1 Secudos | 1 Domos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion. | |||||
CVE-2019-18393 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. | |||||
CVE-2019-18371 | 1 Mi | 2 Millet Router 3g, Millet Router 3g Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. There is a directory traversal vulnerability to read arbitrary files via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication. | |||||
CVE-2019-18253 | 1 Hitachienergy | 2 Relion 670, Relion 670 Firmware | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. | |||||
CVE-2019-18212 | 3 Eclipse, Theia Xml Extension Project, Xml Language Server Project | 3 Wild Web Developer, Theia Xml Extension, Xml Server Project | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal. | |||||
CVE-2019-18189 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication. | |||||
CVE-2019-17662 | 1 Cybelsoft | 1 Thinvnc | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector. | |||||
CVE-2019-17640 | 1 Eclipse | 1 Vert.x | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly process backslashes on Windows operating systems, allowing escape from the webroot folder to the current working directory. | |||||
CVE-2019-17572 | 1 Apache | 1 Rocketmq | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default and an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later. | |||||
CVE-2019-17538 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring. | |||||
CVE-2019-17537 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring. | |||||
CVE-2019-17406 | 1 Nokia | 1 Impact | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743 |