Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40608 | 1 Ibm | 1 Spectrum Protect Plus | 2022-09-21 | N/A | 7.5 HIGH |
| IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873. | |||||
| CVE-2022-40715 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||||
| CVE-2022-39210 | 1 Nextcloud | 1 Nextcloud | 2022-09-21 | N/A | 5.5 MEDIUM |
| Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue. | |||||
| CVE-2022-34002 | 1 Pdssoftware | 1 Pds Vista 7 | 2022-09-19 | N/A | 6.5 MEDIUM |
| The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application. | |||||
| CVE-2022-1798 | 1 Kubevirt | 1 Kubevirt | 2022-09-19 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible. | |||||
| CVE-2022-20395 | 1 Google | 1 Android | 2022-09-17 | N/A | 7.8 HIGH |
| In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221855295 | |||||
| CVE-2022-38301 | 1 Onedev Project | 1 Onedev | 2022-09-16 | N/A | 8.8 HIGH |
| Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. | |||||
| CVE-2022-26049 | 1 Diffplug | 1 Goomph | 2022-09-16 | N/A | 8.8 HIGH |
| This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve remote code execution on a target system by exploiting this vulnerability. **Note:** This could have allowed a malicious zip file to extract itself into an arbitrary directory. The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at eclipse.org, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious. | |||||
| CVE-2022-38614 | 1 Bpcbt | 1 Smartvista Cardgen | 2022-09-14 | N/A | 7.5 HIGH |
| An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter. | |||||
| CVE-2022-38613 | 1 Bpcbt | 1 Smartvista Cardgen | 2022-09-14 | N/A | 6.5 MEDIUM |
| A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system. | |||||
| CVE-2020-8446 | 1 Ossec | 1 Ossec | 2022-09-12 | 2.1 LOW | 5.5 MEDIUM |
| In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user. | |||||
| CVE-2022-36081 | 1 Wikmd Project | 1 Wikmd | 2022-09-12 | N/A | 7.5 HIGH |
| Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing `/list/<path:folderpath>` and discloses lists of files located on the server including sensitive data. Version 1.7.1 fixes this issue. | |||||
| CVE-2022-36850 | 1 Google | 1 Android | 2022-09-10 | N/A | 4.7 MEDIUM |
| Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. | |||||
| CVE-2022-37299 | 1 Shirne Cms Project | 1 Shirne Cms | 2022-09-10 | N/A | 6.5 MEDIUM |
| An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php | |||||
| CVE-2022-39838 | 1 Systematicalpha | 2 Systematic Fix Adapter, Systematic Fix Adapter Firmware | 2022-09-09 | N/A | 8.6 HIGH |
| Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. | |||||
| CVE-2022-29062 | 1 Fortinet | 1 Fortisoar | 2022-09-09 | N/A | 6.5 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. | |||||
| CVE-2022-34378 | 1 Dell | 1 Emc Powerscale Onefs | 2022-09-08 | N/A | 5.5 MEDIUM |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2022-36035 | 1 Fluxcd | 1 Flux2 | 2022-09-08 | N/A | 7.8 HIGH |
| Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the improper handling of user-supplied input, which results in a path traversal that can be controlled by the attacker. Users sharing the same shell between other applications and the Flux CLI commands could be affected by this vulnerability. In some scenarios no errors may be presented, which may cause end users not to realize that something is amiss. A safe workaround is to execute Flux CLI in ephemeral and isolated shell environments, which can ensure no persistent values exist from previous processes. However, upgrading to the latest version of the CLI is still the recommended mitigation strategy. | |||||
| CVE-2022-37122 | 1 Carel | 4 Applica, Pcoweb Card, Pcoweb Card Firmware and 1 more | 2022-09-08 | N/A | 7.5 HIGH |
| Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. | |||||
| CVE-2022-36593 | 1 Keking | 1 Kkfileview | 2022-09-07 | N/A | 6.5 MEDIUM |
| kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. | |||||