Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20220 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-219015884
|
|||||
| CVE-2022-20101 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870.
|
|||||
| CVE-2022-1993 | 1 Gogs | 1 Gogs | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
|
|||||
| CVE-2022-1992 | 2 Gogs, Microsoft | 2 Gogs, Windows | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
|
|||||
| CVE-2022-1953 | 1 Product Configurator For Woocommerce Project | 1 Product Configurator For Woocommerce | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first
|
|||||
| CVE-2022-1850 | 1 Filegator | 1 Filegator | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Path Traversal in GitHub repository filegator/filegator prior to 7.8.0.
|
|||||
| CVE-2022-1798 | 1 Kubevirt | 1 Kubevirt | 2024-11-21 | N/A | 8.7 HIGH |
|
A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.
|
|||||
| CVE-2022-1721 | 1 Diagrams | 1 Drawio | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.
|
|||||
| CVE-2022-1664 | 2 Debian, Netapp | 3 Debian Linux, Dpkg, Ontap Select Deploy Administration Utility | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
|
|||||
| CVE-2022-1661 | 1 Keysight | 4 N6841a Rf, N6841a Rf Firmware, N6854a and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files.
|
|||||
| CVE-2022-1657 | 1 Artbees | 2 Jupiter, Jupiterx | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the lib/admin/control-panel/control-panel.php file calls the load_control_panel_pane function. It is possible to use this action to include any local PHP file via the slug parameter. The Jupiter theme has a nearly identical vulnerabil ...
Show More |
|||||
| CVE-2022-1648 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.
|
|||||
| CVE-2022-1560 | 1 Amministrazione Aperta Project | 1 Amministrazione Aperta | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link
|
|||||
| CVE-2022-1554 | 1 Clinical-genomics | 1 Scout | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52.
|
|||||
| CVE-2022-1518 | 1 Illumina | 8 Iseq 100, Local Run Manager, Miniseq and 5 more | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.
|
|||||
| CVE-2022-1392 | 1 Commoninja | 1 Videos Sync Pdf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues
|
|||||
| CVE-2022-1391 | 1 Kanev | 1 Cab Fare Calculator | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.
|
|||||
| CVE-2022-1390 | 1 Admin Word Count Column Project | 1 Admin Word Count Column | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique
|
|||||
| CVE-2022-1373 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2024-11-21 | N/A | 7.2 HIGH |
|
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.
|
|||||
| CVE-2022-1359 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 5.0 MEDIUM | 5.7 MEDIUM |
|
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server.
|
|||||
| CVE-2022-1264 | 1 Inductiveautomation | 1 Ignition | 2024-11-21 | N/A | 6.8 MEDIUM |
|
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
|
|||||
| CVE-2022-1166 | 1 Nootheme | 1 Jobmonster | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen.
|
|||||
| CVE-2022-1128 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.
|
|||||
| CVE-2022-1119 | 1 Simplefilelist | 1 Simple-file-list | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7.
|
|||||
| CVE-2022-0902 | 1 Abb | 14 Rmc-100, Rmc-100-lite, Rmc-100-lite Firmware and 11 more | 2024-11-21 | N/A | 8.1 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node.
|
|||||
| CVE-2022-0779 | 1 User-meta | 1 User Meta User Profile Builder And User Management | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads
|
|||||
| CVE-2022-0679 | 1 Narnoo Distributor Project | 1 Narnoo Distributor | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and it's configuration.
|
|||||
| CVE-2022-0673 | 1 Eclipse | 1 Lemminx | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal.
|
|||||
| CVE-2022-0665 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.
|
|||||
| CVE-2022-0493 | 1 String Locator Project | 1 String Locator | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server via a path traversal vector. Furthermore, due to a flaw in the search, allowing a pattern to be provided, which will be used to output the relevant matches from the matching file, all content of the file can be disclosed.
|
|||||
| CVE-2022-0436 | 1 Gruntjs | 1 Grunt | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
|
|||||
| CVE-2022-0401 | 1 W-zip Project | 1 W-zip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Path Traversal in NPM w-zip prior to 1.0.12.
|
|||||
| CVE-2022-0320 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques.
|
|||||
| CVE-2022-0223 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
|
|||||
| CVE-2022-0072 | 1 Litespeedtech | 1 Openlitespeed | 2024-11-21 | N/A | 5.8 MEDIUM |
|
Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Path Traversal. This affects versions from 1.5.11 through 1.5.12, from 1.6.5 through 1.6.20.1, from 1.7.0 before 1.7.16.1
|
|||||
| CVE-2021-46897 | 1 Wagtailcrx | 1 Codered Extensions | 2024-11-21 | N/A | 6.5 MEDIUM |
|
views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.
|
|||||
| CVE-2021-46830 | 1 Helpsystems | 1 Goanywhere Managed File Transfer | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended.
|
|||||
| CVE-2021-46421 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.
|
|||||
| CVE-2021-46420 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.
|
|||||
| CVE-2021-46417 | 1 Franklinfueling | 2 Colibri, Colibri Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.
|
|||||