Total: 8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2019-5447 | 1 Http-file-server Project | 1 Http-file-server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. |
| CVE-2019-5444 | 1 Serve-here.js Project | 1 Serve-here.js | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Path traversal vulnerability in versions up to v1.1.3 of the serve-here.js npm module allows attackers to list any file in an arbitrary folder. |
| CVE-2019-5438 | 1 Harpjs | 1 Harp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Path traversal using symlink in npm harp module versions <= 0.29.0. |
| CVE-2019-5423 | 1 Http-live-simulator Project | 1 Http-live-simulator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows an arbitrary path to be accessed on the file system by a remote attacker. |
| CVE-2019-5417 | 1 Zeit | 1 Serve | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A path traversal vulnerability in serve npm package version 7.0.1 allows attackers to read the content of arbitrary files on the remote server. |
| CVE-2019-5416 | 1 Localhost-now Project | 1 Localhost-now | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A path traversal vulnerability in localhost-now npm package version 1.0.2 allows attackers to read the content of arbitrary files on the remote server. |
| CVE-2019-5356 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. |
| CVE-2019-5251 | 1 Huawei | 18 Enjoy 7s, Enjoy 7s Firmware, Honor 20s and 15 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM | There is a path traversal vulnerability in several Huawei smartphones. The system does not sufficiently validate certain pathnames from the application. An attacker could trick the user into installing, backing up and restoring a malicious application. Successful exploit could cause information disclosure. |
| CVE-2019-5221 | 1 Huawei | 2 Mate 20 X, Mate 20 X Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM | There is a path traversal vulnerability on Huawei Share. The software does not properly validate the path. An attacker could craft a file path when transporting a file through Huawei Share; a successful exploit could allow the attacker to transport a file to an arbitrary path on the phone. Affected products: Mate 20 X versions earlier than Ever-L29B 9.1.0.300(C432E3R1P12), versions earlier than Ever-L29B 9.1.0.300(C636E3R2P1), and versions earlier than Ever-L29B 9.1.0.300(C185E3R3P1). |
| CVE-2019-4674 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 171510. |
| CVE-2019-4582 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288. |
| CVE-2019-4460 | 1 Ibm | 1 Api Connect | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | IBM API Connect 5.0.0.0 through 5.0.8.6 developer portal could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 163681. |
| CVE-2019-4442 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the file system. An attacker could send a specially-crafted URL request to view arbitrary files on the system but not content. IBM X-Force ID: 163226. |
| CVE-2019-4430 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887. |
| CVE-2019-4423 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769. |
| CVE-2019-4400 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162261. |
| CVE-2019-4384 | 1 Ibm | 1 Campaign | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | IBM Campaign 9.1.2 and 10.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162172. |
| CVE-2019-4268 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 160201. |
| CVE-2019-4252 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 159883. |
| CVE-2019-4178 | 1 Ibm | 1 Cognos Analytics | 2024-11-21 | 6.4 MEDIUM | 6.4 MEDIUM | IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919. |
| CVE-2019-3976 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below are vulnerable to an arbitrary directory creation vulnerability via the upgrade package's name field. If an authenticated user installs a malicious package then a directory could be created and the developer shell could be enabled. |
| CVE-2019-3967 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | In OpenEMR 5.0.1 and earlier, the patient file download interface contains a directory traversal flaw that allows authenticated attackers to download arbitrary files from the host system. |
| CVE-2019-3943 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 7.5 HIGH | 8.1 HIGH | MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attacker can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk). |
| CVE-2019-3902 | 3 Debian, Mercurial, Redhat | 3 Debian Linux, Mercurial, Enterprise Linux | 2024-11-21 | 5.8 MEDIUM | 5.1 MEDIUM | A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. |
| CVE-2019-3880 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM | A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. |
| CVE-2019-3828 | 1 Redhat | 1 Ansible | 2024-11-21 | 3.3 LOW | 4.2 MEDIUM | Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path. |
| CVE-2019-3816 | 4 Fedoraproject, Opensuse, Openwsman Project and 1 more | 11 Fedora, Leap, Openwsman and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. |
| CVE-2019-3799 | 2 Oracle, Vmware | 2 Communications Cloud Native Core Policy, Spring Cloud Config | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. |
| CVE-2019-3744 | 1 Dell | 1 Digital Delivery | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal exploit in order to run a malicious executable with elevated privileges. |
| CVE-2019-3737 | 1 Dell | 1 Avamar Data Migration Enabler Web Interface | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. |
| CVE-2019-3720 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters. |
| CVE-2019-3696 | 2 Opensuse, Suse | 5 Leap, Pcp, Linux Enterprise High Performance Computing and 2 more | 2024-11-21 | 4.4 MEDIUM | 8.4 HIGH | An Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Ent ... |
| CVE-2019-3662 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Path Traversal: '/absolute/pathname/here' vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows a remote authenticated attacker to gain unintended access to files on the system via carefully constructed HTTP requests. |
| CVE-2019-3632 | 1 Mcafee | 1 Enterprise Security Manager | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows an authenticated user to gain elevated privileges via specially crafted input. |
| CVE-2019-3580 | 1 Openrefine | 1 Openrefine | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file. |
| CVE-2019-3556 | 1 Facebook | 1 Hhvm | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior t ... |
| CVE-2019-3482 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM | Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. |
| CVE-2019-3474 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. |
| CVE-2019-3423 | 1 Ztehome | 2 C520v21, C520v21 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | A permission and access control vulnerability exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access to other unauthorized files or resources. |
| CVE-2019-3415 | 1 Zte | 2 Zxmw Nr8000, Zxmw Nr8000 Firmware | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM | ZTE MW NR8000V2.4.4.03 and NR8000V2.4.4.04 are impacted by a path traversal vulnerability. Due to path traversal, users can download any files. |