Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28064 | 2024-09-06 | N/A | 9.8 CRITICAL | ||
| Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages). | |||||
| CVE-2024-5865 | 1 Delinea | 1 Privileged Access Service | 2024-08-29 | N/A | 6.5 MEDIUM |
| Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch. | |||||
| CVE-2024-5866 | 1 Delinea | 1 Privileged Access Service | 2024-08-29 | N/A | 4.3 MEDIUM |
| Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch. | |||||
| CVE-2024-25466 | 2024-08-19 | N/A | 7.3 HIGH | ||
| Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component. | |||||
| CVE-2024-31551 | 2024-08-01 | N/A | 7.5 HIGH | ||
| Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request. | |||||
| CVE-2024-39673 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 7.1 HIGH |
| Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-29466 | 2024-07-03 | N/A | N/A | ||
| Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component. | |||||
| CVE-2024-20345 | 2024-03-07 | N/A | 6.5 MEDIUM | ||
| A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device. | |||||
| CVE-2023-50255 | 1 Deepin | 1 Deepin-compressor | 2024-02-28 | N/A | 7.8 HIGH |
| Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives. Users are advised to update to version 5.12.21 which addresses the issue. There are no known workarounds for this vulnerability. | |||||