ReportizFlow
Filtered by vendor
Subscriptions
Total
9158 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1798 | 2 Kubevirt, Redhat | 2 Kubevirt, Container Native Virtualization | 2025-04-21 | 8.7 High |
| A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible. | ||||
| CVE-2017-11469 | 1 Idera | 1 Uptime Infrastructure Monitor | 2025-04-20 | N/A |
| get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | ||||
| CVE-2017-11456 | 1 Geneko | 8 Gwr202 Gprs Router, Gwr202 Gprs Router Firmware, Gwr252 Edge Router and 5 more | 2025-04-20 | N/A |
| Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. | ||||
| CVE-2017-8189 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | N/A |
| FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal. | ||||
| CVE-2017-11589 | 1 Cisco | 2 Residential Gateway, Residential Gateway Firmware | 2025-04-20 | N/A |
| On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd. | ||||
| CVE-2017-11630 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. | ||||
| CVE-2017-11723 | 1 Xinha | 1 Xinha | 2025-04-20 | N/A |
| Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. | ||||
| CVE-2017-12938 | 1 Rarlab | 1 Unrar | 2025-04-20 | N/A |
| UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. | ||||
| CVE-2017-8805 | 1 Debian | 1 Ftpsync | 2025-04-20 | N/A |
| Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror. | ||||
| CVE-2016-10330 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | ||||
| CVE-2017-9846 | 1 Magicwinmail | 1 Winmail Server | 2025-04-20 | 8.8 High |
| Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder. | ||||
| CVE-2017-11162 | 1 Synology | 1 Photo Station | 2025-04-20 | N/A |
| Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-5869 | 1 Nuxeo | 1 Nuxeo | 2025-04-20 | N/A |
| Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header. | ||||
| CVE-2017-2119 | 1 Wbce | 1 Wbce Cms | 2025-04-20 | N/A |
| Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-2098 | 1 Cubecart | 1 Cubecart | 2025-04-20 | N/A |
| Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-10949 | 1 Dell | 1 Storage Manager 2016 | 2025-04-20 | N/A |
| Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in file operations. Was ZDI-CAN-4459. | ||||
| CVE-2017-12074 | 1 Synology | 1 Dns Server | 2025-04-20 | N/A |
| Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. | ||||
| CVE-2017-10940 | 1 Joyent | 1 Triton Datacenter | 2025-04-20 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to [email protected] (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853. | ||||
| CVE-2017-12188 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-20 | 7.8 High |
| arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an "MMU potential stack buffer overrun." | ||||
| CVE-2017-10907 | 1 Spiqe | 1 Onethird Cms Show Off | 2025-04-20 | N/A |
| Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors. | ||||