CVE-2023-6407
published 2023-12-14CVE-2023-6407: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon…
high7.1CVSS 3.1
AVLACLPRLUINSUCNIHAH
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by
a local and low-privileged attacker.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| schneider-electric | easy_ups_online_monitoring_software | < 2.6-ga-01-23248 | 2.6-ga-01-23248 |
| schneider_electric | easy_ups_online_monitoring_software | — | — |
| x.org | libx11 | >= 0 < 2:1.6.2-1ubuntu2.1+esm5 | 2:1.6.2-1ubuntu2.1+esm5 |
| x.org | libx11 | >= 0 < 2:1.6.3-1ubuntu2.2+esm4 | 2:1.6.3-1ubuntu2.2+esm4 |
| x.org | libx11 | >= 0 < 2:1.6.4-3ubuntu0.4+esm2 | 2:1.6.4-3ubuntu0.4+esm2 |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
osv5.5MEDIUM