Aggregates CVE and security vulnerability intelligence across all trcore-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk path handling; exposure may include vendor impact file overwrite in vendor surface software deployment and vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-11315 | The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | [email protected] | 9.8 | 6.84% | 2024-11-18 | 2024-11-20 |
| CVE-2024-11314 | The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | [email protected] | 9.8 | 6.84% | 2024-11-18 | 2024-11-20 |
| CVE-2024-11313 | The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | [email protected] | 9.8 | 6.84% | 2024-11-18 | 2024-11-20 |
| CVE-2024-11312 | The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | [email protected] | 9.8 | 6.84% | 2024-11-18 | 2024-11-20 |
| CVE-2024-11311 | The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | [email protected] | 9.8 | 6.84% | 2024-11-18 | 2024-11-20 |
| CVE-2024-11310 | The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | [email protected] | 7.5 | 0.32% | 2024-11-18 | 2024-11-20 |
| CVE-2024-11309 | The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | [email protected] | 7.5 | 0.32% | 2024-11-18 | 2024-11-20 |
| CVE-2024-11308 | The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content. | [email protected] | 6.2 | 0.06% | 2024-11-18 | 2024-11-20 |