Total
7220 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-27575 | 2024-11-21 | N/A | 7.5 HIGH | ||
INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI. | |||||
CVE-2024-27178 | 2024-11-21 | N/A | 7.2 HIGH | ||
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
CVE-2024-27177 | 2024-11-21 | N/A | 7.2 HIGH | ||
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
CVE-2024-27176 | 2024-11-21 | N/A | 7.2 HIGH | ||
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
CVE-2024-27174 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
CVE-2024-27173 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
CVE-2024-27145 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
CVE-2024-27144 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | |||||
CVE-2024-27121 | 2024-11-21 | N/A | 7.2 HIGH | ||
Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an administrative privilege. As for the details of the affected product names/versions, see the information provided by the vendor under [References] section. | |||||
CVE-2024-25614 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. | |||||
CVE-2024-25567 | 2024-11-21 | N/A | 8.1 HIGH | ||
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten. | |||||
CVE-2024-25386 | 2024-11-21 | N/A | 8.8 HIGH | ||
Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file. | |||||
CVE-2024-25136 | 2024-11-21 | N/A | 7.5 HIGH | ||
There is a function in AutomationDirect C-MORE EA9 HMI that allows an attacker to send a relative path in the URL without proper sanitizing of the content. | |||||
CVE-2024-25125 | 1 Treasuredata | 1 Digdag | 2024-11-21 | N/A | 5.3 MEDIUM |
Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-24942 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 5.3 MEDIUM |
In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives | |||||
CVE-2024-24938 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 5.3 MEDIUM |
In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation | |||||
CVE-2024-24756 | 1 Crafatar | 1 Crafatar | 2024-11-21 | N/A | 7.5 HIGH |
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the `lib/public/` directory can be requested from the server. Instances running behind Cloudflare (including crafatar.com) are not affected. Instances using the Docker container as shown in the README are affected, but only files within the container can be read. By default, all of the files within the container can also be found in this repository and are not confidential. This vulnerability is patched in 2.1.5. | |||||
CVE-2024-24591 | 1 Clear | 1 Clearml | 2024-11-21 | N/A | 8.0 HIGH |
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with. | |||||
CVE-2024-24579 | 1 Anchore | 1 Stereoscope | 2024-11-21 | N/A | 5.3 MEDIUM |
stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of `github.com/anchore/stereoscope/pkg/file.UntarToDirectory()` function, the `github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider` struct, or the higher level `github.com/anchore/stereoscope/pkg/image.Image.Read()` function express this vulnerability. As a workaround, if you are using the OCI archive as input into stereoscope then you can switch to using an OCI layout by unarchiving the tar archive and provide the unarchived directory to stereoscope. | |||||
CVE-2024-24569 | 1 Pixee | 1 Java Code Security Toolkit | 2024-11-21 | N/A | 5.4 MEDIUM |
The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still protects attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow "escaping" into sibling paths. For example, if your running path is /my/app/path you an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2. |