Total
6543 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44564 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2024-11-21 | N/A | 7.8 HIGH |
Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources. | |||||
CVE-2022-44532 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2024-11-21 | N/A | 4.9 MEDIUM |
An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | |||||
CVE-2022-44299 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | N/A | 4.9 MEDIUM |
SiteServerCMS 7.1.3 sscms has a file read vulnerability. | |||||
CVE-2022-44280 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2024-11-21 | N/A | 6.5 MEDIUM |
Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img. | |||||
CVE-2022-44016 | 1 Simmeth | 1 Lieferantenmanager | 2024-11-21 | N/A | 7.5 HIGH |
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\\"' value. | |||||
CVE-2022-44008 | 1 Backclick | 1 Backclick | 2024-11-21 | N/A | 6.5 MEDIUM |
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly. | |||||
CVE-2022-44006 | 1 Backclick | 1 Backclick | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file. | |||||
CVE-2022-43979 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 5.9 MEDIUM |
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could insert an absolute path to overcome the heck, thus being able to incluse any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution. | |||||
CVE-2022-43975 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888. | |||||
CVE-2022-43864 | 1 Ibm | 2 Business Automation Workflow, Business Monitor | 2024-11-21 | N/A | 7.5 HIGH |
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427. | |||||
CVE-2022-43858 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.3 MEDIUM |
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their files through this interface. IBM X-Force ID: 239303. | |||||
CVE-2022-43857 | 1 Ibm | 1 I | 2024-11-21 | N/A | 4.3 MEDIUM |
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301. | |||||
CVE-2022-43771 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2024-11-21 | N/A | 6.5 MEDIUM |
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds. | |||||
CVE-2022-43753 | 2 Suse, Uyuni-project | 2 Manager Server, Uyuni | 2024-11-21 | N/A | 4.3 MEDIUM |
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. | |||||
CVE-2022-43748 | 1 Synology | 1 Presto File Server | 2024-11-21 | N/A | 5.8 MEDIUM |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors. | |||||
CVE-2022-43518 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2024-11-21 | N/A | 4.9 MEDIUM |
An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below. | |||||
CVE-2022-43514 | 1 Siemens | 1 Automation License Manager | 2024-11-21 | N/A | 7.7 HIGH |
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4), TeleControl Server Basic V3 (All versions < V3.1.2). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory. This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution. | |||||
CVE-2022-43451 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 8.4 HIGH |
OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges. | |||||
CVE-2022-43264 | 1 Guitar-pro | 1 Guitar Pro | 2024-11-21 | N/A | 7.5 HIGH |
Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows attackers to perform directory traversal and download arbitrary files via a crafted web request. | |||||
CVE-2022-42977 | 1 Atlassian | 1 Confluence Data Center | 2024-11-21 | N/A | 7.5 HIGH |
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded. |