Total
381 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49198 | 1 Apache | 1 Seatunnel | 2024-11-21 | 7.5 High |
| Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue. | ||||
| CVE-2023-48661 | 1 Dell | 3 Powermax Os, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance | 2024-11-21 | 4.9 Medium |
| Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability to read arbitrary files from the target system. | ||||
| CVE-2023-47612 | 1 Telit | 20 Bgs5, Bgs5 Firmware, Ehs5 and 17 more | 2024-11-21 | 6.8 Medium |
| A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories. | ||||
| CVE-2023-45594 | 2024-11-21 | 6.8 Medium | ||
| A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | ||||
| CVE-2023-45160 | 1 1e | 1 Client | 2024-11-21 | 8.8 High |
| In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch. Resolution: This has been fixed in patch Q23094 This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability. | ||||
| CVE-2023-43856 | 1 Dreamer Cms Project | 1 Dreamer Cms | 2024-11-21 | 7.5 High |
| Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. | ||||
| CVE-2023-42534 | 1 Samsung | 1 Android | 2024-11-21 | 6.3 Medium |
| Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. | ||||
| CVE-2023-41916 | 1 Apache | 1 Linkis | 2024-11-21 | 6.5 Medium |
| In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected. We recommend users upgrade the version of Linkis to version 1.5.0. | ||||
| CVE-2023-41717 | 1 Zscaler | 1 Zscaler Proxy | 2024-11-21 | 5.5 Medium |
| Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. | ||||
| CVE-2023-3712 | 1 Honeywell | 2 Pm43, Pm43 Firmware | 2024-11-21 | 6.6 Medium |
| Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). | ||||
| CVE-2023-3155 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 7.2 High |
| The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. | ||||
| CVE-2023-39545 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2024-11-21 | 8.8 High |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | ||||
| CVE-2023-39480 | 2024-11-21 | N/A | ||
| Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549. | ||||
| CVE-2023-39479 | 2024-11-21 | N/A | ||
| Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20548. | ||||
| CVE-2023-38952 | 1 Zkteco | 1 Biotime | 2024-11-21 | 7.5 High |
| Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system. | ||||
| CVE-2023-38948 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 7.2 High |
| An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. | ||||
| CVE-2023-37551 | 1 Codesys | 16 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 13 more | 2024-11-21 | 6.5 Medium |
| In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller. | ||||
| CVE-2023-33517 | 1 Carrental Project | 1 Carrental | 2024-11-21 | 7.5 High |
| carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). | ||||
| CVE-2023-32226 | 1 Sysaid | 1 Sysaid On-premises | 2024-11-21 | 8.3 High |
| Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method. | ||||
| CVE-2023-31066 | 1 Apache | 1 Inlong | 2024-11-21 | 9.1 Critical |
| Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it. | ||||