Lucene search
K

8 matches found

CVE
CVE
added 2024/11/18 6:35 a.m.83 views

CVE-2024-11312

CVE-2024-11312 – TRCore DVC suffers a path traversal/file-upload vulnerability: unauthenticated remote attackers can upload arbitrary files to arbitrary directories because uploaded file types are not restricted, enabling arbitrary code execution via web shells. Documented impact is high (remote,...

9.8CVSS9.9AI score0.01338EPSS
CVE
CVE
added 2024/11/18 6:39 a.m.63 views

CVE-2024-11313

The CVE concerns the DVC from TRCore. A Path Traversal vulnerability allows unauthenticated remote attackers to upload arbitrary files to any directory due to lack of file-type restrictions, enabling arbitrary code execution via webshells. Affected component: DVC from TRCore; issue driven by impr...

9.8CVSS9.9AI score0.01338EPSS
CVE
CVE
added 2024/11/18 6:7 a.m.59 views

CVE-2024-11310

CVE-2024-11310 affects the DVC from TRCore, describing a Path Traversal vulnerability that allows unauthenticated remote attackers to read arbitrary system files. Concrete details across connected sources identify the vulnerable component as TRCore’s DVC and confirm the impact as arbitrary file r...

7.5CVSS7.5AI score0.00669EPSS
CVE
CVE
added 2024/11/18 6:41 a.m.54 views

CVE-2024-11314

The CVE refers to TRCore DVC, which has a Path Traversal vulnerability with unrestricted upload file types, enabling unauthenticated remote attackers to upload arbitrary files to any directory and achieve arbitrary code execution via web shells. Concrete details found in connected PT-2024-16905 i...

9.8CVSS9.9AI score0.01338EPSS
CVE
CVE
added 2024/11/18 5:59 a.m.52 views

CVE-2024-11308

The CVE-2024-11308 entry concerns TRCore’s DVC, a file-insurance system, which encrypts files with a hardcoded key. The underlying issue is the use of a static cryptographic key, enabling an attacker with local access to decrypt targeted files and recover original content as described in multiple...

6.2CVSS5.9AI score0.00155EPSS
CVE
CVE
added 2024/11/18 6:2 a.m.49 views

CVE-2024-11309

TRCore DVC suffers a Path Traversal vulnerability due to improper path filtering, allowing unauthenticated remote attackers to read arbitrary system files. Affected: TRCore DVC versions up to 6.3. Remediation guidance in connected PT-2024-16900 recommends patching to newer versions and reviewing ...

7.5CVSS7.5AI score0.00669EPSS
CVE
CVE
added 2024/11/18 6:24 a.m.49 views

CVE-2024-11311

The CVE-2024-11311 entry concerns TRCore DVC (File Upload Vulnerability). The connected documents describe a Path Traversal flaw in DVC that does not restrict uploaded file types, allowing unauthenticated remote attackers to upload arbitrary files to any directory and achieve arbitrary code execu...

9.8CVSS9.9AI score0.01338EPSS
CVE
CVE
added 2024/11/18 6:47 a.m.39 views

CVE-2024-11315

The CVE-2024-11315 entry concerns TRCore’s DVC (Device/Document/Video Controller) with a Path Traversal vulnerability that does not restrict uploaded file types. Multiple connected sources confirm unauthenticated remote attackers can upload arbitrary files to arbitrary directories, enabling arbit...

9.8CVSS9.9AI score0.01338EPSS