Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26256 | 1 Stagil | 1 Stagil Navigation | 2023-03-07 | N/A | 7.5 HIGH |
| An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system. | |||||
| CVE-2023-26255 | 1 Stagil | 1 Stagil Navigation | 2023-03-07 | N/A | 7.5 HIGH |
| An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjCustomDesignConfig endpoint, it is possible to traverse and read the file system. | |||||
| CVE-2023-25265 | 1 Docmosis | 1 Tornado | 2023-03-07 | N/A | 7.5 HIGH |
| Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading to the disclosure of arbitrary content on the file system. | |||||
| CVE-2023-20943 | 1 Google | 1 Android | 2023-03-06 | N/A | 7.8 HIGH |
| In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890 | |||||
| CVE-2023-1009 | 1 Draytek | 2 Vigor2960, Vigor2960 Firmware | 2023-03-06 | N/A | 5.5 MEDIUM |
| A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-26758 | 1 Smeup | 1 Erp | 2023-03-03 | N/A | 7.5 HIGH |
| Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerabilty via the component /ResourceService. | |||||
| CVE-2023-22776 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2023-03-03 | N/A | 4.9 MEDIUM |
| An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files. | |||||
| CVE-2023-22774 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2023-03-03 | N/A | 6.5 MEDIUM |
| Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system. | |||||
| CVE-2023-22773 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2023-03-03 | N/A | 6.5 MEDIUM |
| Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to delete arbitrary files in the underlying operating system. | |||||
| CVE-2022-35861 | 1 Pyenv | 1 Pyenv | 2023-03-03 | 4.6 MEDIUM | 7.8 HIGH |
| pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.) | |||||
| CVE-2019-14418 | 1 Veritas | 1 Resiliency Platform | 2023-03-03 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine. | |||||
| CVE-2022-48285 | 1 Jszip Project | 1 Jszip | 2023-03-03 | N/A | 7.3 HIGH |
| loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. | |||||
| CVE-2022-32190 | 1 Golang | 1 Go | 2023-03-03 | N/A | 7.5 HIGH |
| JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. | |||||
| CVE-2023-25579 | 1 Nextcloud | 1 Nextcloud Server | 2023-03-03 | N/A | 7.5 HIGH |
| Nextcloud server is a self hosted home cloud product. In affected versions the `OC\Files\Node\Folder::getFullPath()` function was validating and normalizing the string in the wrong order. The function is used in the `newFile()` and `newFolder()` items, which may allow to creation of paths outside of ones own space and overwriting data from other users with crafted paths. This issue has been addressed in versions 25.0.2, 24.0.8, and 23.0.12. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-23063 | 1 Cellinx | 1 Nvt Web Server | 2023-03-03 | N/A | 7.5 HIGH |
| Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure. | |||||
| CVE-2023-1044 | 1 Muyucms | 1 Muyucms | 2023-03-02 | N/A | 8.8 HIGH |
| A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221803. | |||||
| CVE-2023-1043 | 1 Muyucms | 1 Muyucms | 2023-03-02 | N/A | 4.3 MEDIUM |
| A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1045 | 1 Muyucms | 1 Muyucms | 2023-03-02 | N/A | 8.1 HIGH |
| A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804. | |||||
| CVE-2023-0104 | 1 Weintek | 1 Easybuilder Pro | 2023-03-02 | N/A | 7.8 HIGH |
| The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. | |||||
| CVE-2023-22973 | 1 Open-emr | 1 Openemr | 2023-03-02 | N/A | 8.8 HIGH |
| A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. | |||||