Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2023-11-16 CVE-2023-6015 Path Traversal vulnerability in Lfprojects Mlflow
MLflow allowed arbitrary files to be PUT onto the server.
network
low complexity
lfprojects CWE-22
7.5
2023-11-16 CVE-2023-6023 Path Traversal vulnerability in Vertaai Modeldb
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
network
low complexity
vertaai CWE-22
7.5
2023-11-15 CVE-2023-5245 Path Traversal vulnerability in Combust Mleap 0.18.0/0.23.0
FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution.
network
low complexity
combust CWE-22
critical
9.8
2023-11-15 CVE-2023-34062 Path Traversal vulnerability in Pivotal Reactor Netty
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.
network
low complexity
pivotal CWE-22
7.5
2023-11-15 CVE-2023-6032 Path Traversal vulnerability in Schneider-Electric Galaxy VL Firmware and Galaxy VS Firmware
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS.
network
low complexity
schneider-electric CWE-22
5.3
2023-11-14 CVE-2023-5189 Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite
A path traversal vulnerability exists in Ansible when extracting tarballs.
network
low complexity
redhat CWE-22
6.5
2023-11-14 CVE-2022-27229 Path Traversal vulnerability in Intel Hdmi Firmware
Path traversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-22
7.8
2023-11-14 CVE-2023-24592 Path Traversal vulnerability in Intel products
Path traversal in some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-22
7.8
2023-11-14 CVE-2023-32278 Path Traversal vulnerability in Intel NUC Uniwill Service Driver
Path traversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-22
7.3
2023-11-14 CVE-2023-32655 Path Traversal vulnerability in Intel USB Type C Power Delivery Controller
Path traversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installation software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
intel CWE-22
7.3