Total
6545 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31511 | 1 Equanimity Project | 1 Equanimity | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
| The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31510 | 1 Simple-rat Project | 1 Simple-rat | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
| The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31509 | 1 Iedadata | 1 Usap-dc Web Submission And Dataset Search | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
| The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31508 | 1 Idayrus | 1 E-voting | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
| The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31507 | 1 Ganga Project | 1 Ganga | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31506 | 1 Cmu | 1 Opendiamond | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31505 | 1 Mercadoenlineaback Project | 1 Mercadoenlineaback | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31504 | 1 Baiduwenkuspider Flaskweb Project | 1 Baiduwenkuspider Flaskweb | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31503 | 1 Orchest | 1 Orchest | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
| The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31502 | 1 Wormnest Project | 1 Wormnest | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
| The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31501 | 1 Onyxforum Project | 1 Onyxforum | 2024-11-21 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31483 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges. | |||||
| CVE-2022-31475 | 1 Givewp | 1 Givewp | 2024-11-21 | N/A | 5.5 MEDIUM |
| Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | |||||
| CVE-2022-31474 | 1 Ithemes | 1 Backupbuddy | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. | |||||
| CVE-2022-31473 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | N/A | 6.8 MEDIUM |
| In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-31457 | 1 Rtx Trap Project | 1 Rtx Trap | 2024-11-21 | N/A | 7.5 HIGH |
| RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/. | |||||
| CVE-2022-31395 | 1 Algosolutions | 2 8373 Ip Zone Paging Adapter, 8373 Ip Zone Paging Adapter Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua. | |||||
| CVE-2022-31372 | 1 Wiris | 1 Mathtype | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler. | |||||
| CVE-2022-31268 | 1 Gitblit | 1 Gitblit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). | |||||
| CVE-2022-31255 | 2 Suse, Uyuni-project | 2 Manager Server, Uyuni | 2024-11-21 | N/A | 4.3 MEDIUM |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to read files available to the user running the process, typically tomcat. This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. | |||||