Total: 8465 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38088 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | 6.5 Medium |
| A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2022-37700 | 1 Easycorp | 1 Zentao | 2024-11-21 | 7.5 High |
| Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig. | ||||
| CVE-2022-37423 | 1 Neo4j | 1 Awesome Procedures On Cypher | 2024-11-21 | 7.5 High |
| Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream. | ||||
| CVE-2022-37422 | 1 Payara | 1 Payara | 2024-11-21 | 7.5 High |
| Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded. | ||||
| CVE-2022-37299 | 1 Shirne Cms Project | 1 Shirne Cms | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php | ||||
| CVE-2022-37122 | 1 Carel | 4 Applica, Pcoweb Card, Pcoweb Card Firmware and 1 more | 2024-11-21 | 7.5 High |
| Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. | ||||
| CVE-2022-36890 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | 4.3 Medium |
| Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | ||||
| CVE-2022-36889 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | 8.8 High |
| Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service. | ||||
| CVE-2022-36850 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows an attacker to overwrite an arbitrary file with the phone uid. | ||||
| CVE-2022-36831 | 1 Samsung | 1 Notes | 2024-11-21 | 6.2 Medium |
| Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows an attacker to access some file with Samsung Notes permission. | ||||
| CVE-2022-36687 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2024-11-21 | 6.5 Medium |
| Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | ||||
| CVE-2022-36593 | 1 Keking | 1 Kkfileview | 2024-11-21 | 6.5 Medium |
| kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. | ||||
| CVE-2022-36261 | 1 Taogogo | 1 Taocms | 2024-11-21 | 9.1 Critical |
| An arbitrary file deletion vulnerability was discovered in taocms 3.0.2 that allows an attacker to delete a file on the server when requesting the URL admin.php?action=file&ctrl=del&path=/../../../test.txt | ||||
| CVE-2022-36168 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 2.7 Low |
| A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: | ||||
| CVE-2022-35908 | 1 Cambiumnetworks | 1 Enterprise Wi-fi | 2024-11-21 | 8.8 High |
| Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. | ||||
| CVE-2022-35861 | 1 Pyenv | 1 Pyenv | 2024-11-21 | 7.8 High |
| pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.) | ||||
| CVE-2022-35650 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 7.5 High |
| A vulnerability was found in Moodle that occurs due to an input validation error when importing lesson questions. The insufficient path checks result in an arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. | ||||
| CVE-2022-35410 | 2 0xacab, Debian | 2 Mat2, Debian Linux | 2024-11-21 | 7.5 High |
| mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive. | ||||
| CVE-2022-35216 | 1 Omicard Edm Project | 1 Omicard Edm | 2024-11-21 | 7.5 High |
| OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | ||||
| CVE-2022-35204 | 1 Vitejs | 1 Vite | 2024-11-21 | 4.3 Medium |
| Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service. | ||||