Total
6543 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40742 | 1 Softnext | 1 Mail Sqr Expert | 2024-11-21 | N/A | 6.5 MEDIUM |
| Mail SQR Expert system has a Local File Inclusion vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify partial system information but does not affect service availability. | |||||
| CVE-2022-40734 | 1 Unisharp | 1 Laravel Filemanager | 2024-11-21 | N/A | 6.5 MEDIUM |
| UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0. | |||||
| CVE-2022-40715 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||||
| CVE-2022-40713 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||||
| CVE-2022-40701 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-40608 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | N/A | 7.5 HIGH |
| IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873. | |||||
| CVE-2022-40607 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2024-11-21 | N/A | 6.8 MEDIUM |
| IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740. | |||||
| CVE-2022-40444 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A | 5.3 MEDIUM |
| ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. | |||||
| CVE-2022-40443 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A | 5.3 MEDIUM |
| An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. | |||||
| CVE-2022-40264 | 1 Iconics | 1 Genesis64 | 2024-11-21 | N/A | 6.3 MEDIUM |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user import a project package file crafted by the attacker. | |||||
| CVE-2022-40199 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | N/A | 2.7 LOW |
| Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4 ) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information. | |||||
| CVE-2022-40123 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | N/A | 6.5 MEDIUM |
| mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system. | |||||
| CVE-2022-40082 | 2 Cloudwego, Microsoft | 2 Hertz, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| Hertz v0.3.0 ws discovered to contain a path traversal vulnerability via the normalizePath function. | |||||
| CVE-2022-3976 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556. | |||||
| CVE-2022-3966 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal. The attack may be initiated remotely. Upgrading to version 2.5.1 is able to address this issue. The name of the patch is e1bc94c1100f02a129721ba4be5fbc44c3d78ec4. It is recommended to upgrade the affected component. The identifier VDB-213545 was assigned to this vulnerability. | |||||
| CVE-2022-3940 | 1 Ferry Project | 1 Ferry | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in lanyulei ferry. This affects an unknown part of the file apis/process/task.go. The manipulation of the argument file_name leads to path traversal. The associated identifier of this vulnerability is VDB-213447. | |||||
| CVE-2022-3939 | 1 Ferry Project | 1 Ferry | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in lanyulei ferry. Affected by this issue is some unknown functionality of the file apis/public/file.go of the component API. The manipulation of the argument file leads to path traversal. The attack may be launched remotely. VDB-213446 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3782 | 1 Redhat | 1 Keycloak | 2024-11-21 | N/A | 9.1 CRITICAL |
| keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field. | |||||
| CVE-2022-3560 | 3 Fedoraproject, Pesign Project, Redhat | 3 Fedora, Pesign, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. | |||||
| CVE-2022-3389 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 7.5 HIGH |
| Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10. | |||||