Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-29450 Files or Directories Accessible to External Parties vulnerability in Zabbix
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
network
low complexity
zabbix CWE-552
7.5
2023-07-05 CVE-2023-2538 Files or Directories Accessible to External Parties vulnerability in Tyan products
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing.
network
high complexity
tyan CWE-552
4.2
2023-06-16 CVE-2023-34645 Files or Directories Accessible to External Parties vulnerability in Jflyfox Jfinal CMS 5.1.0
jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
network
low complexity
jflyfox CWE-552
7.5
2023-06-14 CVE-2023-2976 Files or Directories Accessible to External Parties vulnerability in Google Guava
Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
local
low complexity
google CWE-552
7.1
2023-06-13 CVE-2023-33568 Files or Directories Accessible to External Parties vulnerability in Dolibarr Erp/Crm
An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.
network
low complexity
dolibarr CWE-552
7.5
2023-05-30 CVE-2023-32684 Files or Directories Accessible to External Parties vulnerability in Linuxfoundation Lima
Lima launches Linux virtual machines, typically on macOS, for running containerd.
local
high complexity
linuxfoundation CWE-552
2.5
2023-05-18 CVE-2022-45450 Files or Directories Accessible to External Parties vulnerability in Acronis Agent and Cyber Protect
Sensitive information disclosure and manipulation due to improper authorization.
network
low complexity
acronis CWE-552
7.5
2023-05-18 CVE-2023-20183 Files or Directories Accessible to External Parties vulnerability in Cisco DNA Center
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user.
network
low complexity
cisco CWE-552
4.3
2023-05-18 CVE-2023-20184 Files or Directories Accessible to External Parties vulnerability in Cisco DNA Center
Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user.
network
low complexity
cisco CWE-552
4.3
2023-03-28 CVE-2023-28375 Files or Directories Accessible to External Parties vulnerability in Propumpservice Osprey Pump Controller Firmware 1.01
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure.
network
low complexity
propumpservice CWE-552
7.5