CVE-2023-6118

CVE-2023-6118 describes a Path Traversal (Absolute Path Traversal) weakness in Neutron IP Camera. The vulnerability allows access to files/directories via the crafted path '/../filedir'. Affected software: Neutron IP Camera versions prior to b1130.1.0.1. Root cause is a path traversal flaw that d...

CVE-2023-6118 Path Traversal in Neutron IP Camera

Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal. This issue affects IP Camera: before b1130.1.0.1...

CVE-2023-47313

Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and localPath. The first one refers to the...

Ubuntu: Security Advisory (USN-6475-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AZL-79034 CVE-2023-45283 affecting package golang 1.25.7-1

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

UBUNTU-CVE-2023-45283

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

Fedora 37 : ansible-core (2023-cdc7db366e)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-cdc7db366e advisory. Update to 2.14.11. Mitigates CVE-2023-5115. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

CVE-2023-34209

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter...

CVE-2023-34209 Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter...

CVE-2023-34209 Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter...

Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2023:4017-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4017-1 advisory. - Updated to version 1.21.2 bsc1212475: - CVE-2023-39323: Fixed an arbitrary execution issue during build...

CVE-2023-39323

A flaw was found in the golang cmd/go standard library. A line directive "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running "go...

SUSE CVE-2023-39323

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

CVE-2023-39323

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

DEBIAN-CVE-2023-39323

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

UBUNTU-CVE-2023-39323

Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...

SUSE CVE-2023-5115

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path...

CVE-2023-38346

An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...

CVE-2023-5022

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/selecttempletspost.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifie...