Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34836 | 1 Abb | 1 Zenon | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc.
|
|||||
| CVE-2022-34762 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)
|
|||||
| CVE-2022-34551 | 1 Sims Project | 1 Sims | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Sims v1.0 was discovered to allow path traversal when downloading attachments.
|
|||||
| CVE-2022-34486 | 1 Pukiwiki | 1 Pukiwiki | 2024-11-21 | N/A | 7.2 HIGH |
|
Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors.
|
|||||
| CVE-2022-34430 | 1 Dell | 1 Hybrid Client | 2024-11-21 | N/A | 7.1 HIGH |
|
Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
|
|||||
| CVE-2022-34429 | 1 Dell | 1 Hybrid Client | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.
|
|||||
| CVE-2022-34426 | 1 Dell | 1 Container Storage Modules | 2024-11-21 | N/A | 8.8 HIGH |
|
Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory.
|
|||||
| CVE-2022-34378 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.
|
|||||
| CVE-2022-34375 | 1 Dell | 1 Container Storage Modules | 2024-11-21 | N/A | 8.8 HIGH |
|
Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.
|
|||||
| CVE-2022-34373 | 1 Dell | 1 Command \| Integration Suite For System Center | 2024-11-21 | N/A | 7.3 HIGH |
|
Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system.
|
|||||
| CVE-2022-34365 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 6.5 MEDIUM |
|
WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
|
|||||
| CVE-2022-34271 | 1 Apache | 1 Atlas | 2024-11-21 | N/A | 8.8 HIGH |
|
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.
|
|||||
| CVE-2022-34254 | 2 Adobe, Magento | 2 Commerce, Magento | 2024-11-21 | N/A | 8.8 HIGH |
|
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2022-34179 | 1 Jenkins | 1 Embeddable Build Status | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system.
|
|||||
| CVE-2022-34177 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.
|
|||||
| CVE-2022-34002 | 1 Pdssoftware | 1 Pds Vista 7 | 2024-11-21 | N/A | 6.5 MEDIUM |
|
The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application.
|
|||||
| CVE-2022-33995 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location.
|
|||||
| CVE-2022-33937 | 1 Dell | 1 Geodrive | 2024-11-21 | N/A | 7.1 HIGH |
|
Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM.
|
|||||
| CVE-2022-33897 | 1 Robustel | 2 R1510, R1510 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
|
A directory traversal vulnerability exists in the web_server /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability.
|
|||||
| CVE-2022-33892 | 1 Intel | 1 Quartus Prime | 2024-11-21 | N/A | 7.3 HIGH |
|
Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-33715 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.
|
|||||
| CVE-2022-33690 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.
|
|||||
| CVE-2022-33165 | 1 Ibm | 1 Security Directory Integrator | 2024-11-21 | N/A | 6.8 MEDIUM |
|
IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.
|
|||||
| CVE-2022-33164 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | N/A | 8.7 HIGH |
|
IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579.
|
|||||
| CVE-2022-33116 | 1 Openeclass | 1 Openeclass | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.
|
|||||
| CVE-2022-32963 | 1 Omicard Edm Project | 1 Omicard Edm | 2024-11-21 | N/A | 7.5 HIGH |
|
OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files.
|
|||||
| CVE-2022-32573 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | N/A | 9.9 CRITICAL |
|
A directory traversal vulnerability exists in the AssetActions.aspx addDoc functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2022-32551 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).
|
|||||
| CVE-2022-32409 | 1 Softwarepublico | 1 I3geo | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.
|
|||||
| CVE-2022-32328 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Fast Food Ordering System v1.0 is vulnerable to Delete any file. via /ffos/classes/Master.php?f=delete_img.
|
|||||
| CVE-2022-32275 | 1 Grafana | 1 Grafana | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content
|
|||||
| CVE-2022-32270 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).
|
|||||
| CVE-2022-32190 | 1 Golang | 1 Go | 2024-11-21 | N/A | 7.5 HIGH |
|
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.
|
|||||
| CVE-2022-31836 | 1 Beego | 1 Beego | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.
|
|||||
| CVE-2022-31793 | 2 Arris, Inglorion | 13 Bgw210, Bgw210 Firmware, Bgw320 and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
|
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected.
|
|||||
| CVE-2022-31662 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
|
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files.
|
|||||
| CVE-2022-31588 | 1 Testplatform Project | 1 Testplatform | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
|
The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
|
|||||
| CVE-2022-31587 | 1 Kg-fashion-chatbot Project | 1 Kg-fashion-chatbot | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
|
The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
|
|||||
| CVE-2022-31586 | 1 Changepop-back Project | 1 Changepop-back | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
|
The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
|
|||||
| CVE-2022-31585 | 1 Home Internet Project | 1 Home Internet | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
|
The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
|
|||||