Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18990 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows a user-supplied path in file operations prior to proper validation. An attacker can leverage this vulnerability to disclose sensitive information under the context of the web server process. | |||||
| CVE-2018-17899 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| LAquis SCADA Versions 4.1.0.3870 and prior has a path traversal vulnerability, which may allow remote code execution. | |||||
| CVE-2018-17934 | 1 Nuuo | 1 Nuuo Cms | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code. | |||||
| CVE-2018-18593 | 1 Hp | 1 Ucmdb Configuration Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information | |||||
| CVE-2018-19003 | 1 Ge | 6 Ex2100e, Ex2100e Firmware, Ls2100e and 3 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information. | |||||
| CVE-2018-16485 | 1 M-server Project | 1 M-server | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request. | |||||
| CVE-2018-16493 | 1 Static-resource-server Project | 1 Static-resource-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL. | |||||
| CVE-2018-16478 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root. | |||||
| CVE-2018-16473 | 1 Takeapeek Project | 1 Takeapeek | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files. | |||||
| CVE-2018-16475 | 1 Knight Project | 1 Knight | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server. | |||||
| CVE-2018-16479 | 1 Http-live-simulator Project | 1 Http-live-simulator | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL. | |||||
| CVE-2018-16482 | 1 Mcstatic Project | 1 Mcstatic | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path. | |||||
| CVE-2018-14795 | 1 Emerson | 1 Deltav | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. | |||||
| CVE-2018-14806 | 1 Advantech | 1 Webaccess | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. | |||||
| CVE-2018-15782 | 1 Rsa | 1 Authentication Manager | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system. | |||||
| CVE-2018-13299 | 1 Synology | 1 Calendar | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter. | |||||
| CVE-2018-13812 | 1 Siemens | 22 Simatic Hmi Comfort Outdoor Panels, Simatic Hmi Comfort Outdoor Panels Firmware, Simatic Hmi Comfort Panels and 19 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2018-12473 | 1 Opensuse | 1 Open Build Service | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0. | |||||
| CVE-2018-11455 | 1 Siemens | 1 Automation License Manager | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required. | |||||
| CVE-2018-11051 | 1 Emc | 1 Rsa Certificate Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. A remote unauthenticated attacker could potentially exploit this vulnerability by manipulating input parameters of the application to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. | |||||