Vulnerabilities (CVE)

Filtered by CWE-552
Total 184 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-26956 1 Onekeyadmin 1 Onekeyadmin 2023-03-17 N/A 7.5 HIGH
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.
CVE-2023-1246 1 Saysis 1 Starcities 2023-03-17 N/A 7.5 HIGH
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.This issue affects Starcities: through 1.3.
CVE-2023-26948 1 Onekeyadmin 1 Onekeyadmin 2023-03-15 N/A 7.5 HIGH
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.
CVE-2023-0331 1 Correos 1 Correos Oficial 2023-03-04 N/A 7.5 HIGH
The Correos Oficial WordPress plugin through does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.
CVE-2023-22974 1 Open-emr 1 Openemr 2023-03-03 N/A 7.5 HIGH
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
CVE-2020-15175 1 Glpi-project 1 Glpi 2023-03-01 6.4 MEDIUM 9.1 CRITICAL
In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.
CVE-2021-29024 1 Invoiceplane 1 Invoiceplane 2023-03-01 5.0 MEDIUM 7.5 HIGH
In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private without authentication.
CVE-2023-0822 1 Deltaww 1 Diaenergie 2023-02-28 N/A 8.8 HIGH
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality.
CVE-2022-44343 1 Crmeb 1 Crmeb 2023-02-14 N/A 7.5 HIGH
CRMEB 4.4.4 is vulnerable to Any File download.
CVE-2018-10869 1 Redhat 2 Certification, Enterprise Linux 2023-02-13 5.0 MEDIUM 7.5 HIGH
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
CVE-2021-4112 1 Redhat 5 Ansible Automation Platform, Ansible Automation Platform Early Access, Ansible Automation Platform Text-only Advisories and 2 more 2023-02-12 N/A 8.8 HIGH
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.
CVE-2020-1726 2 Libpod Project, Redhat 3 Libpod, Enterprise Linux, Openshift Container Platform 2023-02-12 5.8 MEDIUM 5.9 MEDIUM
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0.
CVE-2019-3811 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Sssd and 2 more 2023-02-12 2.7 LOW 5.2 MEDIUM
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
CVE-2017-2621 2 Openstack, Redhat 2 Heat, Openstack 2023-02-12 2.1 LOW 5.5 MEDIUM
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
CVE-2017-2622 1 Redhat 1 Openstack 2023-02-12 2.1 LOW 5.5 MEDIUM
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
CVE-2017-15104 2 Heketi Project, Redhat 2 Heketi, Enterprise Linux 2023-02-12 2.1 LOW 7.8 HIGH
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
CVE-2022-1117 1 Fapolicyd Project 1 Fapolicyd 2023-02-12 N/A 8.4 HIGH
A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.
CVE-2018-10867 1 Redhat 1 Certification 2023-02-10 6.4 MEDIUM 9.1 CRITICAL
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.
CVE-2018-10863 1 Redhat 1 Certification 2023-02-10 5.0 MEDIUM 7.5 HIGH
It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information.
CVE-2022-48161 1 Easy Images Project 1 Easy Images 2023-02-08 N/A 7.5 HIGH
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request.