Total
6543 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42892 | 1 Siemens | 1 Syngo Dynamics Cardiovascular Imaging And Information System | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool. | |||||
| CVE-2022-42706 | 1 Sangoma | 2 Asterisk, Certified Asterisk | 2024-11-21 | N/A | 4.9 MEDIUM |
| An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal. | |||||
| CVE-2022-42476 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 8.2 HIGH |
| A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests. | |||||
| CVE-2022-42474 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiswitchmanager | 2024-11-21 | N/A | 6.5 MEDIUM |
| A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests. | |||||
| CVE-2022-42470 | 1 Fortinet | 1 Forticlient | 2024-11-21 | N/A | 7.8 HIGH |
| A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. | |||||
| CVE-2022-42308 | 1 Veritas | 1 Netbackup | 2024-11-21 | N/A | 9.0 CRITICAL |
| An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. | |||||
| CVE-2022-42305 | 1 Veritas | 1 Netbackup | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. | |||||
| CVE-2022-42280 | 1 Nvidia | 2 Bmc, Dgx A100 | 2024-11-21 | N/A | 7.1 HIGH |
| NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. | |||||
| CVE-2022-42188 | 1 Lavalite | 1 Lavalite | 2024-11-21 | N/A | 7.5 HIGH |
| In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. | |||||
| CVE-2022-42182 | 1 Precisely | 1 Spectrum Spatial Analyst | 2024-11-21 | N/A | 5.3 MEDIUM |
| Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal. | |||||
| CVE-2022-42136 | 1 Mailenable | 1 Mailenable | 2024-11-21 | N/A | 8.8 HIGH |
| Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands. | |||||
| CVE-2022-42125 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 7.5 HIGH |
| Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module. | |||||
| CVE-2022-42123 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | N/A | 7.5 HIGH |
| A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin. | |||||
| CVE-2022-41956 | 1 Autolabproject | 1 Autolab | 2024-11-21 | N/A | 6.5 MEDIUM |
| Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature, whereby users are able to hand-in assignments using paths outside their submission directory. Users can then view the submission to view the file's contents. The vulnerability has been patched in version 2.10.0. As a workaround, ensure that the field for the remote handin feature is empty (Edit Assessment > Advanced > Remote handin path), and that you are not running Autolab as `root` (or any user that has write access to `/`). Alternatively, disable the remote handin feature if it is unneeded by replacing the body of `local_submit` in `app/controllers/assessment/handin.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`. | |||||
| CVE-2022-41951 | 1 Oroinc | 1 Oroplatform | 2024-11-21 | N/A | 8.5 HIGH |
| OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9. | |||||
| CVE-2022-41920 | 1 Lancet Project | 1 Lancet | 2024-11-21 | N/A | 6.3 MEDIUM |
| Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-41840 | 1 Collne | 1 Welcart E-commerce | 2024-11-21 | N/A | 7.5 HIGH |
| Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. | |||||
| CVE-2022-41780 | 1 F5 | 2 F5os-a, F5os-c | 2024-11-21 | N/A | 5.5 MEDIUM |
| In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0, a directory traversal vulnerability exists in an undisclosed location of the F5OS CLI that allows an attacker to read arbitrary files. | |||||
| CVE-2022-41772 | 1 Deltaww | 1 Infrasuite Device Master | 2024-11-21 | N/A | 9.8 CRITICAL |
| Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution. | |||||
| CVE-2022-41761 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files. | |||||