Total
7217 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38196 | 1 Esri | 1 Arcgis Server | 2024-11-21 | N/A | 6.5 MEDIUM |
Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. | |||||
CVE-2022-38129 | 1 Keysight | 1 Sensor Management Server | 2024-11-21 | N/A | 9.8 CRITICAL |
A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host. | |||||
CVE-2022-38120 | 1 Upspowercom | 1 Upsmon Pro | 2024-11-21 | N/A | 6.5 MEDIUM |
UPSMON PRO has a path traversal vulnerability. A remote attacker with general user privileges can exploit this vulnerability to bypass authentication and access arbitrary system files. | |||||
CVE-2022-38088 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-37703 | 1 Amanda | 1 Amanda | 2024-11-21 | N/A | 3.3 LOW |
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to determine whether a directory exists anywhere in the filesystem. The binary calls `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path. | |||||
CVE-2022-37700 | 1 Easycorp | 1 Zentao | 2024-11-21 | N/A | 7.5 HIGH |
Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig. | |||||
CVE-2022-37681 | 1 Hitachi | 2 Hc-ip9100hd, Hc-ip9100hd Firmware | 2024-11-21 | N/A | 7.5 HIGH |
Hitachi Kokusai Electric Network products for monitoring systems (Camera, Decoder and Encoder) and below allow attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue. | |||||
CVE-2022-37423 | 1 Neo4j | 1 Awesome Procedures On Cypher | 2024-11-21 | N/A | 7.5 HIGH |
Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream. | |||||
CVE-2022-37422 | 1 Payara | 1 Payara | 2024-11-21 | N/A | 7.5 HIGH |
Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded. | |||||
CVE-2022-37299 | 1 Shirne Cms Project | 1 Shirne Cms | 2024-11-21 | N/A | 6.5 MEDIUM |
An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could allow arbitrary file read via /static/ueditor/php/controller.php. | |||||
CVE-2022-37122 | 1 Carel | 4 Applica, Pcoweb Card, Pcoweb Card Firmware and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. | |||||
CVE-2022-37060 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
FLIR AX8 thermal sensor cameras up to and including version 1.46.16 are vulnerable to Directory Traversal due to an improper access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters to disclose the contents of files located outside of the server's restricted path. | |||||
CVE-2022-36982 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.5 HIGH |
This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967. | |||||
CVE-2022-36981 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 9.8 CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResource class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15966. | |||||
CVE-2022-36928 | 1 Zoom | 1 Zoom | 2024-11-21 | N/A | 6.1 MEDIUM |
Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory. | |||||
CVE-2022-36890 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | N/A | 4.3 MEDIUM |
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
CVE-2022-36889 | 1 Jenkins | 1 Deployer Framework | 2024-11-21 | N/A | 8.8 HIGH |
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service. | |||||
CVE-2022-36850 | 1 Google | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows an attacker to overwrite an arbitrary file with the phone UID. | |||||
CVE-2022-36831 | 1 Samsung | 1 Notes | 2024-11-21 | N/A | 6.2 MEDIUM |
Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows an attacker to access some files with the permissions of Samsung Notes. | |||||
CVE-2022-36687 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2024-11-21 | N/A | 6.5 MEDIUM |
Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. |