Total
6544 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36243 | 1 Shopbeat | 1 Shop Beat Media Player | 2024-11-21 | N/A | 5.3 MEDIUM |
Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in "studio" software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm. | |||||
CVE-2022-36221 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. | |||||
CVE-2022-36168 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A | 2.7 LOW |
A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: | |||||
CVE-2022-36113 | 1 Rust-lang | 1 Cargo | 2024-11-21 | N/A | 4.6 MEDIUM |
Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. Mitigations We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well. | |||||
CVE-2022-36081 | 1 Wikmd Project | 1 Wikmd | 2024-11-21 | N/A | 7.5 HIGH |
Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing `/list/<path:folderpath>` and discloses lists of files located on the server including sensitive data. Version 1.7.1 fixes this issue. | |||||
CVE-2022-36065 | 1 Growthbook | 1 Growthbook | 2024-11-21 | N/A | 7.5 HIGH |
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the right location, they can execute arbitrary code within the container. To be affected, ALL of the following must be true: Self-hosted deployment (GrowthBook Cloud is unaffected); using local file uploads (as opposed to S3 or Google Cloud Storage); NODE_ENV set to a non-production value and JWT_SECRET set to an easily guessable string like `dev`. This issue is patched in commit 1a5edff8786d141161bf880c2fd9ccbe2850a264 (2022-08-29). As a workaround, set `JWT_SECRET` environment variable to a long random string. This will stop arbitrary file uploads, but the only way to stop attackers from registering accounts is by updating to the latest build. | |||||
CVE-2022-36035 | 1 Fluxcd | 1 Flux2 | 2024-11-21 | N/A | 7.7 HIGH |
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the improper handling of user-supplied input, which results in a path traversal that can be controlled by the attacker. Users sharing the same shell between other applications and the Flux CLI commands could be affected by this vulnerability. In some scenarios no errors may be presented, which may cause end users not to realize that something is amiss. A safe workaround is to execute Flux CLI in ephemeral and isolated shell environments, which can ensure no persistent values exist from previous processes. However, upgrading to the latest version of the CLI is still the recommended mitigation strategy. | |||||
CVE-2022-36007 | 1 Venice Project | 1 Venice | 2024-11-21 | N/A | 6.1 MEDIUM |
Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions `load-file` and `load-resource`. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the load paths: `[ "/Users/foo/resources" ]` When passing **relative** paths to these two vulnerable functions everything is fine: `(load-resource "test.png")` => loads the file "/Users/foo/resources/test.png" `(load-resource "../resources-alt/test.png")` => rejected, outside the load path When passing **absolute** paths to these two vulnerable functions Venice may return files outside the configured load paths: `(load-resource "/Users/foo/resources/test.png")` => loads the file "/Users/foo/resources/test.png" `(load-resource "/Users/foo/resources-alt/test.png")` => loads the file "/Users/foo/resources-alt/test.png" !!! The latter call suffers from the _Partial Path Traversal_ vulnerability. This issue’s scope is limited to absolute paths whose name prefix matches a load path. E.g. for a load-path `"/Users/foo/resources"`, the actor can cause loading a resource also from `"/Users/foo/resources-alt"`, but not from `"/Users/foo/images"`. Versions of Venice before and including v1.10.17 are affected by this issue. Upgrade to Venice >= 1.10.18, if you are on a version < 1.10.18. There are currently no known workarounds. | |||||
CVE-2022-35920 | 1 Sanic Project | 1 Sanic | 2024-11-21 | N/A | 8.3 HIGH |
Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue. | |||||
CVE-2022-35919 | 1 Minio | 1 Minio | 2024-11-21 | N/A | 7.4 HIGH |
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies. | |||||
CVE-2022-35918 | 1 Snowflake | 1 Streamlit | 2024-11-21 | N/A | 6.5 MEDIUM |
Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2022-35908 | 1 Cambiumnetworks | 1 Enterprise Wi-fi | 2024-11-21 | N/A | 8.8 HIGH |
Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. | |||||
CVE-2022-35861 | 1 Pyenv | 1 Pyenv | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.) | |||||
CVE-2022-35410 | 2 0xacab, Debian | 2 Mat2, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive. | |||||
CVE-2022-35235 | 1 Xplodedthemes | 1 Wpide - File Manager \& Code Editor | 2024-11-21 | N/A | 4.9 MEDIUM |
Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | |||||
CVE-2022-35216 | 1 Omicard Edm Project | 1 Omicard Edm | 2024-11-21 | N/A | 7.5 HIGH |
OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to by-pass authentication and access arbitrary system files. | |||||
CVE-2022-35204 | 1 Vitejs | 1 Vite | 2024-11-21 | N/A | 4.3 MEDIUM |
Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service. | |||||
CVE-2022-34855 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 6.7 MEDIUM |
Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-34836 | 1 Abb | 1 Zenon | 2024-11-21 | N/A | 5.9 MEDIUM |
Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc. | |||||
CVE-2022-34822 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2024-11-21 | N/A | 9.8 CRITICAL |
Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. |