CVE-2023-24804

MEDIUM Year: 2023
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.

Related Vulnerabilities

CVE-2019-15266

MEDIUM
CVSS:4.4(Medium)

A vulnerability in the CLI of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to view system files that should be restricted. This vulnerability is due to imp...

CWE-222019

CVE-2019-1835

MEDIUM
CVSS:4.4(Medium)

A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanit...

CWE-222019

CVE-2021-1436

MEDIUM
CVSS:4.4(Medium)

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected syste...

CWE-222021

CVE-2021-44111

MEDIUM
CVSS:4.4(Medium)

A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup.

CWE-222021

CVE-2022-20449

MEDIUM
CVSS:4.4(Medium)

In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execu...

CWE-222022

CVE-2022-22821

MEDIUM
CVSS:4.4(Medium)

NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.

CWE-222022