Total
7213 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42305 | 1 Veritas | 1 Netbackup | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. | |||||
| CVE-2022-42280 | 1 Nvidia | 2 Bmc, Dgx A100 | 2024-11-21 | N/A | 7.1 HIGH |
| NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. | |||||
| CVE-2022-42182 | 1 Precisely | 1 Spectrum Spatial Analyst | 2024-11-21 | N/A | 5.3 MEDIUM |
| Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal. | |||||
| CVE-2022-42123 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 7.5 HIGH |
| A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin. | |||||
| CVE-2022-41956 | 1 Autolabproject | 1 Autolab | 2024-11-21 | N/A | 6.5 MEDIUM |
| Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature, whereby users are able to hand-in assignments using paths outside their submission directory. Users can then view the submission to view the file's contents. The vulnerability has been patched in version 2.10.0. As a workaround, ensure that the field for the remote handin feature is empty (Edit Assessment > Advanced > Remote handin path), and that you are not running Autolab as `root` (or any user that has write access to `/`). Alternatively, disable the remote handin feature if it is unneeded by replacing the body of `local_submit` in `app/controllers/assessment/handin.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`. | |||||
| CVE-2022-41951 | 1 Oroinc | 1 Oroplatform | 2024-11-21 | N/A | 8.5 HIGH |
| OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9. | |||||
| CVE-2022-41920 | 1 Lancet Project | 1 Lancet | 2024-11-21 | N/A | 6.3 MEDIUM |
| Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-41780 | 1 F5 | 2 F5os-a, F5os-c | 2024-11-21 | N/A | 5.5 MEDIUM |
| In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files. | |||||
| CVE-2022-41772 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 9.8 CRITICAL |
| Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution. | |||||
| CVE-2022-41761 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files. | |||||
| CVE-2022-41760 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files. | |||||
| CVE-2022-41722 | 2 Golang, Microsoft | 2 Go, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". | |||||
| CVE-2022-41670 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2024-11-21 | N/A | 7.0 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | |||||
| CVE-2022-41667 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2024-11-21 | N/A | 7.0 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | |||||
| CVE-2022-41657 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 9.8 CRITICAL |
| Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution. | |||||
| CVE-2022-41607 | 1 Etictelecom | 14 Ras-c-100-lw, Ras-e-100, Ras-e-220 and 11 more | 2024-11-21 | N/A | 6.2 MEDIUM |
| All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s application programmable interface (API) is vulnerable to directory traversal through several different methods. This could allow an attacker to read sensitive files from the server, including SSH private keys, passwords, scripts, python objects, database files, and more. | |||||
| CVE-2022-41335 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiswitchmanager | 2024-11-21 | N/A | 8.8 HIGH |
| A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and before 2.0.10, FortiSwitchManager 7.2.0 and before 7.0.0 allows an authenticated attacker to read and write files on the underlying Linux system via crafted HTTP requests. | |||||
| CVE-2022-41212 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 4.9 MEDIUM |
| Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. | |||||
| CVE-2022-41158 | 2 Eyoom, Linux | 2 Eyoom Builder, Linux Kernel | 2024-11-21 | N/A | 7.2 HIGH |
| Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code. | |||||
| CVE-2022-41154 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| A directory traversal vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary file deletion. An attacker can send a network request to trigger this vulnerability. | |||||