Total: 6543 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-48361 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 5.3 MEDIUM |
The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources. | |||||
CVE-2022-48323 | 1 Sunlogin | 1 Sunflower | 2024-11-21 | N/A | 9.8 CRITICAL |
Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program. | |||||
CVE-2022-48285 | 1 Jszip Project | 1 Jszip | 2024-11-21 | N/A | 7.3 HIGH |
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. | |||||
CVE-2022-48253 | 1 Nazgul | 1 Nostromo | 2024-11-21 | N/A | 9.8 CRITICAL |
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used. | |||||
CVE-2022-47951 | 2 Debian, Openstack | 4 Debian Linux, Cinder, Glance and 1 more | 2024-11-21 | N/A | 5.7 MEDIUM |
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. | |||||
CVE-2022-47945 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A | 9.8 CRITICAL |
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php. | |||||
CVE-2022-47875 | 1 Jedox | 2 Cloud, Jedox | 2024-11-21 | N/A | 8.8 HIGH |
A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code. | |||||
CVE-2022-47768 | 1 Serinf | 1 Fast Checkin | 2024-11-21 | N/A | 7.5 HIGH |
Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. | |||||
CVE-2022-47762 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2024-11-21 | N/A | 7.5 HIGH |
In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. | |||||
CVE-2022-47757 | 1 Imo | 1 Imo | 2024-11-21 | N/A | 9.8 CRITICAL |
In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution. | |||||
CVE-2022-47747 | 1 Uber | 1 Kraken | 2024-11-21 | N/A | 7.5 HIGH |
kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs. | |||||
CVE-2022-47595 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | N/A | 4.9 MEDIUM |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions. | |||||
CVE-2022-47526 | 1 Fox-it | 2 Fox Datadiode, Fox Datadiode Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction. | |||||
CVE-2022-47506 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.8 HIGH |
SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. | |||||
CVE-2022-47501 | 1 Apache | 1 Ofbiz | 2024-11-21 | N/A | 7.5 HIGH |
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07. | |||||
CVE-2022-47027 | 1 Timmystudios | 1 Fast Typing Keyboard | 2024-11-21 | N/A | 9.8 CRITICAL |
Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution. | |||||
CVE-2022-46959 | 1 Sonic Project | 1 Sonic | 2024-11-21 | N/A | 4.3 MEDIUM |
An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal. | |||||
CVE-2022-46945 | 1 Nagvis | 1 Nagvis | 2024-11-21 | N/A | 9.1 CRITICAL |
Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. | |||||
CVE-2022-46902 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | N/A | 7.5 HIGH |
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination. | |||||
CVE-2022-46900 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | N/A | 6.5 MEDIUM |
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters. |