Total
415 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3037 | 2 Microsoft, Papercut | 3 Windows, Papercut Mf, Papercut Ng | 2025-01-27 | 7.8 High |
| An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which typically restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log in to the local console of the Windows environment hosting the PaperCut NG/MF application server. Note: This CVE has been split into two separate CVEs (CVE-2024-3037 and CVE-2024-8404) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard users on the host server. | ||||
| CVE-2023-34316 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-27 | 6.5 Medium |
| An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. | ||||
| CVE-2023-29820 | 1 Webroot | 1 Secureanywhere | 2025-01-24 | 5.5 Medium |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819. | ||||
| CVE-2022-45450 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2025-01-22 | 7.5 High |
| Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984. | ||||
| CVE-2023-0822 | 1 Deltaww | 1 Diaenergie | 2025-01-16 | 8.8 High |
| The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. | ||||
| CVE-2023-28375 | 1 Propumpservice | 2 Osprey Pump Controller, Osprey Pump Controller Firmware | 2025-01-16 | 7.5 High |
| Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. | ||||
| CVE-2024-47518 | 2025-01-13 | 6.4 Medium | ||
| Specially constructed queries targeting ETM could discover active remote access sessions | ||||
| CVE-2023-32684 | 1 Linuxfoundation | 1 Lima | 2025-01-10 | 2.7 Low |
| Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and the well-known third party products (Colima, Rancher Desktop, and Finch) are unlikely to be affected by this issue. To exploit this issue, the attacker has to embed the target file path (an absolute or a relative path from the instance directory) in a malicious disk image, as the qcow2 (or vmdk) backing file path string. As Lima refuses to run as the root, it is practically impossible for the attacker to read the entire host disk via `/dev/rdiskN`. Also, practically, the attacker cannot read at least the first 512 bytes (MBR) of the target file. The issue has been patched in Lima in version 0.16.0 by prohibiting using a backing file path in the VM base image. | ||||
| CVE-2023-33568 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-01-03 | 7.5 High |
| An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. | ||||
| CVE-2023-34645 | 1 Jflyfox | 1 Jfinal Cms | 2024-12-17 | 7.5 High |
| jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | ||||
| CVE-2022-42834 | 1 Apple | 1 Macos | 2024-12-10 | 3.3 Low |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression | ||||
| CVE-2023-5101 | 1 Sick | 2 Apu0200, Apu0200 Firmware | 2024-12-09 | 5.3 Medium |
| Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. | ||||
| CVE-2023-29931 | 1 Laravels Project | 1 Laravels | 2024-12-06 | 9.8 Critical |
| laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. | ||||
| CVE-2023-36664 | 4 Artifex, Debian, Fedoraproject and 1 more | 5 Ghostscript, Debian Linux, Fedora and 2 more | 2024-12-05 | 7.8 High |
| Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | ||||
| CVE-2024-6209 | 1 Abb | 38 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 35 more | 2024-12-05 | 10 Critical |
| Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to access files unauthorized | ||||
| CVE-2018-0106 | 1 Cisco | 1 Elastic Services Controller | 2024-12-02 | 3.3 Low |
| A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by accessing unauthorized information within the ConfD directory and file structure. Successful exploitation could allow the attacker to view sensitive information. Cisco Bug IDs: CSCvg00221. | ||||
| CVE-2023-34834 | 1 Mcl-collection | 2 Mcl-net, Mcl-net Firmware | 2024-11-26 | 5.3 Medium |
| A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint. | ||||
| CVE-2024-6878 | 1 Eliz Software | 1 Panel | 2024-11-21 | N/A |
| Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations.This issue affects Panel: before v2.3.24. | ||||
| CVE-2024-10126 | 2024-11-21 | N/A | ||
| Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview. | ||||
| CVE-2024-5587 | 2024-11-21 | 5.3 Medium | ||
| A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||