Total
7648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33756 | 1 Foswiki | 1 Foswiki | 2024-11-21 | 7.5 High |
| An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. | ||||
| CVE-2023-33369 | 1 Assaabloy | 1 Control Id Idsecure | 2024-11-21 | 9.1 Critical |
| A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. | ||||
| CVE-2023-33365 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | 7.5 High |
| A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server. | ||||
| CVE-2023-33310 | 2024-11-21 | 6 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Valiano Unite Gallery Lite allows PHP Local File Inclusion.This issue affects Unite Gallery Lite: from n/a through 1.7.59. | ||||
| CVE-2023-33227 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | 8 High |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges. | ||||
| CVE-2023-33226 | 1 Solarwinds | 1 Network Configuration Manager | 2024-11-21 | 8 High |
| The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. | ||||
| CVE-2023-32974 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 7.5 High |
| A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTScloud c5.1.0.2498 and later | ||||
| CVE-2023-32756 | 1 Edetw | 1 U-office Force | 2024-11-21 | 7.5 High |
| e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can’t control system or disrupt service. | ||||
| CVE-2023-32676 | 1 Autolabproject | 1 Autolab | 2024-11-21 | 6.7 Medium |
| Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade. | ||||
| CVE-2023-32655 | 1 Intel | 6 Nuc 8 Business Nuc8i7hnkqc, Nuc 8 Enthusiast Nuc8i7hvkva, Nuc 8 Enthusiast Nuc8i7hvkvaw and 3 more | 2024-11-21 | 6.7 Medium |
| Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-32317 | 1 Autolabproject | 1 Autolab | 2024-11-21 | 6.7 Medium |
| Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both "Base File Tar" and "Additional file archive" can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade. | ||||
| CVE-2023-32297 | 1 Lws | 1 Affiliation | 2024-11-21 | 9 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion.This issue affects LWS Affiliation: from n/a through 2.2.6. | ||||
| CVE-2023-32278 | 1 Intel | 5 Nuc M15 Laptop Kit Evo Laprc510, Nuc M15 Laptop Kit Evo Laprc710, Nuc M15 Laptop Kit Laprc510 and 2 more | 2024-11-21 | 6.7 Medium |
| Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-31461 | 1 Steelseries | 1 Gg | 2024-11-21 | 7.5 High |
| Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability. | ||||
| CVE-2023-31167 | 2 Microsoft, Selinc | 2 Windows, Sel-5036 Acselerator Bay Screen Builder | 2024-11-21 | 5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details. This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778. | ||||
| CVE-2023-31046 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2024-11-21 | 6.5 Medium |
| A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach getStaticContent in UIContentResource.class in the static-content-files servlet. | ||||
| CVE-2023-30967 | 1 Palantir | 1 Orbital Simulator | 2024-11-21 | 9.8 Critical |
| Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. | ||||
| CVE-2023-30678 | 2 Google, Samsung | 2 Android, Calendar | 2024-11-21 | 5.1 Medium |
| Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file. | ||||
| CVE-2023-30451 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.9 Medium |
| In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. | ||||
| CVE-2023-30200 | 1 Advancedplugins | 1 Ultimateimagetool | 2024-11-21 | 7.5 High |
| In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal informations without restriction by performing a path traversal attack. | ||||