Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. (CVSS:8.5) (Last Update:2023-08-17 10:15:11)

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. (CVSS:8.5) (Last Update:2023-08-17 10:15:11)

`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. (CVSS:0.0) (Last Update:2023-08-15 17:15:47)

An unauthenticated attacker could achieve the code execution through a RemoteControl server. (CVSS:9.8) (Last Update:2023-08-15 20:10:37)

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue. (CVSS:7.5) (Last Update:2023-08-11 03:44:51)

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available. (CVSS:7.2) (Last Update:2023-08-10 18:13:59)

Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. (CVSS:9.8) (Last Update:2023-08-11 13:55:20)

An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal. (CVSS:7.8) (Last Update:2023-08-14 23:40:32)