Total
386 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29931 | 1 Laravels Project | 1 Laravels | 2024-12-06 | N/A | 9.8 CRITICAL |
| laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. | |||||
| CVE-2023-36664 | 3 Artifex, Debian, Fedoraproject | 3 Ghostscript, Debian Linux, Fedora | 2024-12-05 | N/A | 7.8 HIGH |
| Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | |||||
| CVE-2024-6209 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2024-12-05 | N/A | 10.0 CRITICAL |
| Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized | |||||
| CVE-2023-34834 | 1 Mcl-collection | 2 Mcl-net, Mcl-net Firmware | 2024-11-26 | N/A | 5.3 MEDIUM |
| A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint. | |||||
| CVE-2024-6878 | 2024-11-21 | N/A | N/A | ||
| Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.This issue affects Panel: before v2.3.24. | |||||
| CVE-2024-6911 | 1 Perkinelmer | 1 Processplus | 2024-11-21 | N/A | 7.5 HIGH |
| Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0. | |||||
| CVE-2024-5587 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-5262 | 1 Projectdiscovery | 1 Interactsh | 2024-11-21 | N/A | 9.8 CRITICAL |
| Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login. | |||||
| CVE-2024-5056 | 1 Schneider-electric | 6 Bmxnoe0100, Bmxnoe0100 Firmware, Bmxnoe0110 and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may prevent user to update the device firmware and prevent proper behavior of the webserver when specific files or directories are removed from the filesystem. | |||||
| CVE-2024-4836 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthenticated user. The issue in versions 3.5 - 3.25 was removed in releases which dates from 10th of January 2014. Higher versions were never affected. | |||||
| CVE-2024-38429 | 1 Matrix-globalservices | 1 Tafnit | 2024-11-21 | N/A | 7.5 HIGH |
| Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties | |||||
| CVE-2024-36442 | 2024-11-21 | N/A | 8.8 HIGH | ||
| cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system. | |||||
| CVE-2024-35183 | 2024-11-21 | N/A | 4.4 MEDIUM | ||
| wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than `github.com`. Most git-dependent functionality in wolfictl relies on its own `git` package, which contains centralized logic for implementing interactions with git repositories. Some of this functionality requires authentication in order to access private repositories. A central function `GetGitAuth` looks for a GitHub token in the environment variable `GITHUB_TOKEN` and returns it as an HTTP basic auth object to be used with the `github.com/go-git/go-git/v5` library. Most callers (direct or indirect) of `GetGitAuth` use the token to authenticate to github.com only; however, in some cases callers were passing this authentication without checking that the remote git repository was hosted on github.com. This behavior has existed in one form or another since commit 0d06e1578300327c212dda26a5ab31d09352b9d0 - committed January 25, 2023. This impacts anyone who ran the `wolfictl check update` commands with a Melange configuration that included a `git-checkout` directive step that referenced a git repository not hosted on github.com. This also impacts anyone who ran `wolfictl update <url>` with a remote URL outside of github.com. Additionally, these subcommands must have run with the `GITHUB_TOKEN` environment variable set to a valid GitHub token. Users should upgrade to version 0.16.10 to receive a patch. | |||||
| CVE-2024-2759 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4. | |||||
| CVE-2024-23282 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted email may be able to initiate FaceTime calls without user authorization. | |||||
| CVE-2024-21403 | 1 Microsoft | 1 Azure Kubernetes Service | 2024-11-21 | N/A | 9.0 CRITICAL |
| Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability | |||||
| CVE-2024-1005 | 1 Shanxi Tianneng Technology | 1 Noderp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6375 | 1 Tylertech | 1 Court Case Management Plus | 2024-11-21 | N/A | 5.3 MEDIUM |
| Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Backups may contain sensitive information such as database credentials. | |||||
| CVE-2023-6266 | 1 Backupbliss | 1 Backup Migration | 2024-11-21 | N/A | 7.5 HIGH |
| The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more. | |||||
| CVE-2023-6114 | 1 Awesomemotive | 1 Duplicator | 2024-11-21 | N/A | 7.5 HIGH |
| The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site. | |||||