CVE-2024-9924

CRITICAL Year: 2024
CVSS v3 Score: 9.8 (Critical)

Vulnerability Description

The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers can still download arbitrary system files, which may subsequently be deleted.

CVSS: 9.8 (Critical)

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CWE-36 Year: 2024
CVSS: 9.8 (Critical)

A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying oper...

CWE-36 Year: 2024
CVSS: 9.8 (Critical)

A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.

CWE-36 Year: 2025
CVSS: 10.0 (Critical)

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

CWE-36 Year: 2023
CVSS: 9.4 (Critical)

Absolute File Traversal vulnerabilities allow access to and modification of unintended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02.

CWE-36 Year: 2024
CVSS: 9.1 (Critical)

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations ...

CWE-36 Year: 2024