CVSS: 9.7EPSS: 10%CPEs: 1EXPL: 0CVE-2025-6793 – Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6793
27 Jun 2025 — Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability. This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the QLogicDownloadImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in f... • https://www.zerodayinitiative.com/advisories/ZDI-25-450 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 0CVE-2025-6794 – Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6794
27 Jun 2025 — Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the saveAsText method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.zerodayinitiative.com/advisories/ZDI-25-454 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6795 – Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6795
27 Jun 2025 — Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadSize method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.zerodayinitiative.com/advisories/ZDI-25-455 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 13%CPEs: 1EXPL: 0CVE-2025-6796 – Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6796
27 Jun 2025 — Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getAppFileBytes method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.zerodayinitiative.com/advisories/ZDI-25-451 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 13%CPEs: 1EXPL: 0CVE-2025-6797 – Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6797
27 Jun 2025 — Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadBytes method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.zerodayinitiative.com/advisories/ZDI-25-456 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 14%CPEs: 1EXPL: 0CVE-2025-6798 – Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2025-6798
27 Jun 2025 — Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the deleteAppFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.zerodayinitiative.com/advisories/ZDI-25-457 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 13%CPEs: 1EXPL: 0CVE-2025-6799 – Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6799
27 Jun 2025 — Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileUploadBytes method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.zerodayinitiative.com/advisories/ZDI-25-458 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 13%CPEs: 1EXPL: 0CVE-2025-6800 – Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-6800
27 Jun 2025 — Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the restoreESwitchConfig method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.zerodayinitiative.com/advisories/ZDI-25-459 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 3%CPEs: 1EXPL: 0CVE-2025-6801 – Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-6801
27 Jun 2025 — Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the saveNICParamsToFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.zerodayinitiative.com/advisories/ZDI-25-460 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2025-6802 – Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-6802
27 Jun 2025 — Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the getFileFromURL method. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. • https://www.zerodayinitiative.com/advisories/ZDI-25-464 • CWE-434: Unrestricted Upload of File with Dangerous Type •