Total: 6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12112 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-10-05 | 5.0 MEDIUM | 7.5 HIGH |
| BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion. | |||||
| CVE-2020-20944 | 1 Qibosoft | 1 Qibosoft | 2022-10-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files. | |||||
| CVE-2020-18127 | 1 Indexhibit | 1 Indexhibit | 2022-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files. | |||||
| CVE-2020-20907 | 2 Metinfo, Microsoft | 2 Metinfo, Windows | 2022-10-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/language_general.class.php and app/system/include/function/file.func.php. | |||||
| CVE-2022-34429 | 1 Dell | 1 Hybrid Client | 2022-10-05 | N/A | 7.1 HIGH |
| Dell Hybrid Client versions below 1.8 contain a Zip Slip vulnerability in the UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification. | |||||
| CVE-2020-19305 | 1 Metinfo | 1 Metinfo | 2022-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges. | |||||
| CVE-2022-40123 | 1 Mojoportal | 1 Mojoportal | 2022-10-05 | N/A | 6.5 MEDIUM |
| mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system. | |||||
| CVE-2022-42308 | 1 Veritas | 1 Netbackup | 2022-10-04 | N/A | 7.1 HIGH |
| An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. | |||||
| CVE-2022-42305 | 1 Veritas | 1 Netbackup | 2022-10-04 | N/A | 7.5 HIGH |
| An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. | |||||
| CVE-2022-2922 | 1 Dnnsoftware | 1 Dotnetnuke | 2022-10-04 | N/A | 4.9 MEDIUM |
| Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | |||||
| CVE-2021-42767 | 1 Neo4j | 1 Awesome Procedures | 2022-10-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1. | |||||
| CVE-2022-23357 | 1 Mozilo | 1 Mozilocms | 2022-09-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. | |||||
| CVE-2022-28814 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2022-09-30 | N/A | 9.8 CRITICAL |
| Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 were discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device. | |||||
| CVE-2021-46830 | 1 Helpsystems | 1 Goanywhere Managed File Transfer | 2022-09-29 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilizes self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. | |||||
| CVE-2022-39033 | 1 Lcnet | 1 Smart Evision | 2022-09-28 | N/A | 9.8 CRITICAL |
| Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service. | |||||
| CVE-2022-39034 | 1 Lcnet | 1 Smart Evision | 2022-09-28 | N/A | 6.5 MEDIUM |
| Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files. | |||||
| CVE-2022-26276 | 1 Onenav | 1 Onenav | 2022-09-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. | |||||
| CVE-2021-41002 | 1 Hpe | 15 Aruba 8320, Aruba 8325-32-c, Aruba 8325-48y8c and 12 more | 2022-09-27 | 8.5 HIGH | 8.1 HIGH |
| Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | |||||
| CVE-2020-8227 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2022-09-27 | 7.1 HIGH | 6.8 MEDIUM |
| Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | |||||
| CVE-2022-39221 | 2 Mcwebserver Minecraft Mod For Fabric And Quilt Project, Mcwebserver Minecraft Mod For Forge Project | 2 Mcwebserver Minecraft Mod For Fabric And Quilt, Mcwebserver Minecraft Mod For Forge | 2022-09-23 | N/A | 7.5 HIGH |
| McWebserver mod runs a simple HTTP server alongside the Minecraft server in separate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program, to be read by anyone via HTTP request. Version 0.2.0 with patches are released to both platforms (Fabric and Quilt, Forge). As a workaround, the McWebserver mod can be disabled by removing the file from the `mods` directory. | |||||
