Total
6537 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41057 | 1 Plannigan | 1 Hyper Bump It | 2024-11-21 | N/A | 5.5 MEDIUM |
| hyper-bump-it is a command line tool for updating the version in project files.`hyper-bump-it` reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched files should be contained within the project root directory, but that is not checked. This could result in changes being written to files outside of the project. The default behaviour of `hyper-bump-it` is to display the planned changes and prompt the user for confirmation before editing any files. However, the configuration file provides a field that can be used cause files to be edited without displaying the prompt. This issue has been fixed in release version 0.5.1. Users are advised to upgrade. Users that are unable to update from vulnerable versions, executing `hyper-bump-it` with the `--interactive` command line argument will ensure that all planned changes are displayed and prompt the user for confirmation before editing any files, even if the configuration file contains `show_confirm_prompt=true`. | |||||
| CVE-2023-41044 | 1 Graylog | 1 Graylog | 2024-11-21 | N/A | 3.3 LOW |
| Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role credentials to download or delete files in sibling directories of the support bundle directory. The default `data_dir` in operating system packages (DEB, RPM) is set to `/var/lib/graylog-server`. The data directory for the Support Bundle feature is always `<data_dir>/support-bundle`. Due to the partial path traversal vulnerability, an attacker with valid Admin role credentials can read or delete files in directories that start with a `/var/lib/graylog-server/support-bundle` directory name. The vulnerability would allow the download or deletion of files in the following example directories: `/var/lib/graylog-server/support-bundle-test` and `/var/lib/graylog-server/support-bundlesdirectory`. For the Graylog Docker images, the `data_dir` is set to `/usr/share/graylog/data` by default. This vulnerability is fixed in Graylog version 5.1.3 and later. Users are advised to upgrade. Users unable to upgrade should block all HTTP requests to the following HTTP API endpoints by using a reverse proxy server in front of Graylog. `GET /api/system/debug/support/bundle/download/{filename}` and `DELETE /api/system/debug/support/bundle/{filename}`. | |||||
| CVE-2023-41040 | 1 Gitpython Project | 1 Gitpython | 2024-11-21 | N/A | 4.0 MEDIUM |
| GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has been addressed in version 3.1.37. | |||||
| CVE-2023-40930 | 1 Skyworth | 1 Skyworth Os | 2024-11-21 | N/A | 6.8 MEDIUM |
| An issue in the directory /system/bin/blkid of Skyworth v3.0 allows attackers to perform a directory traversal via mounting the Udisk to /mnt/. | |||||
| CVE-2023-40924 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| SolarView Compact < 6.00 is vulnerable to Directory Traversal. | |||||
| CVE-2023-40828 | 1 Pf4j Project | 1 Pf4j | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. | |||||
| CVE-2023-40827 | 1 Pf4j Project | 1 Pf4j | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. | |||||
| CVE-2023-40826 | 1 Pf4j Project | 1 Pf4j | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. | |||||
| CVE-2023-40597 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 7.8 HIGH |
| In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk. | |||||
| CVE-2023-40587 | 2 Agendaless, Fedoraproject | 2 Pyramid, Fedora | 2024-11-21 | N/A | 4.3 MEDIUM |
| Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series. | |||||
| CVE-2023-40532 | 1 Collne | 1 Welcart | 2024-11-21 | N/A | 4.3 MEDIUM |
| Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. | |||||
| CVE-2023-40517 | 2024-11-21 | N/A | 7.5 HIGH | ||
| LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getObject method implemented in the ContentRestController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-20328. | |||||
| CVE-2023-40514 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| LG Simple Editor FileManagerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getImageByFilename method in the FileManagerController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-20016. | |||||
| CVE-2023-40513 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getImageByFilename method in the UserManageController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-20015. | |||||
| CVE-2023-40512 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| LG Simple Editor PlayerController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getImageByFilename method in the PlayerController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-20014. | |||||
| CVE-2023-40509 | 2024-11-21 | N/A | 8.2 HIGH | ||
| LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the deleteCanvas method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-20011. | |||||
| CVE-2023-40508 | 2024-11-21 | N/A | 8.2 HIGH | ||
| LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the putCanvasDB method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-20010. | |||||
| CVE-2023-40502 | 2024-11-21 | N/A | 8.2 HIGH | ||
| LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cropImage command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19951. | |||||
| CVE-2023-40499 | 2024-11-21 | N/A | 8.2 HIGH | ||
| LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mkdir command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. . Was ZDI-CAN-19926. | |||||
| CVE-2023-40498 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cp command implemented in the makeDetailContent method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19925. | |||||