Total
217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3497 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference URL. | |||||
| CVE-2024-3122 | 2024-11-21 | N/A | 4.9 MEDIUM | ||
| CHANGING Mobile One Time Password does not properly filter parameters for the file download functionality, allowing remote attackers with administrator privilege to read arbitrary file on the system. | |||||
| CVE-2024-37138 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 4.1 MEDIUM |
| Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the managed system. | |||||
| CVE-2024-35186 | 2024-11-21 | N/A | 8.8 HIGH | ||
| gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of confidentiality, integrity, and availability, but creating files outside a working tree without attempting to execute code can directly impact integrity as well. This vulnerability has been patched in version(s) 0.36.0. | |||||
| CVE-2024-34712 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as `Client.rest.channels.removeBan` is not url-encoded, resulting in specially crafted input such as `../../../channels/{id}` being normalized into the url `/api/v10/channels/{id}`, and deleting a channel rather than removing a ban. Version 1.10.4 fixes this issue. Some workarounds are available. One may sanitize user input, ensuring strings are valid for the purpose they are being used for. One may also encode input with `encodeURIComponent` before providing it to the library. | |||||
| CVE-2024-33615 | 2024-11-21 | N/A | 8.8 HIGH | ||
| A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution. | |||||
| CVE-2024-32005 | 2024-11-21 | N/A | 8.2 HIGH | ||
| NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-2461 | 2024-11-21 | N/A | N/A | ||
| If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible | |||||
| CVE-2024-24942 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives | |||||
| CVE-2024-24938 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation | |||||
| CVE-2024-24578 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatric includes a Java based `HMIPServer`, that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch. | |||||
| CVE-2024-22421 | 2 Fedoraproject, Jupyter | 3 Fedora, Jupyterlab, Notebook | 2024-11-21 | N/A | 7.6 HIGH |
| JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix. | |||||
| CVE-2024-22398 | 2024-11-21 | N/A | 4.9 MEDIUM | ||
| An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system. | |||||
| CVE-2024-22226 | 1 Dell | 1 Unity Operating Environment | 2024-11-21 | N/A | 3.3 LOW |
| Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges. | |||||
| CVE-2024-22096 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | N/A | 6.5 MEDIUM |
| In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system. | |||||
| CVE-2024-1485 | 2 Devfile, Redhat | 3 Registry-support, Openshift, Openshift Developer Tools And Services | 2024-11-21 | N/A | 8.0 HIGH |
| A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed. | |||||
| CVE-2024-0335 | 2024-11-21 | N/A | 7.5 HIGH | ||
| ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus S+ Operations: from 3..0;0 through 3.3 SP1 RU4, from 2.1;0 through 2.1 SP2 RU3, from 2.0;0 through 2.0 SP6 TC6; Symphony Plus S+ Engineering: from 2.1 through 2.3 RU3; Symphony Plus S+ Analyst: from 7.0.0.0 through 7.2.0.2. | |||||
| CVE-2023-6722 | 1 Europeana | 1 Repox | 2024-11-21 | N/A | 7.5 HIGH |
| A path traversal vulnerability has been detected in Repox, which allows an attacker to read arbitrary files on the running server, resulting in a disclosure of sensitive information. An attacker could access files such as application code or data, backend credentials, operating system files... | |||||
| CVE-2023-50255 | 1 Deepin | 1 Deepin-compressor | 2024-11-21 | N/A | 9.3 CRITICAL |
| Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-4914 | 1 Cecil | 1 Cecil | 2024-11-21 | N/A | 7.5 HIGH |
| Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1. | |||||