Total: 6548 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-26838 | 1 Cybozu | 1 Remote Service Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition. | |||||
CVE-2022-26835 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2022-26675 | 1 Aenrich | 1 A+hrd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory. | |||||
CVE-2022-26652 | 1 Nats | 2 Nats Server, Nats Streaming Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. | |||||
CVE-2022-26500 | 1 Veeam | 1 Veeam Backup & Replication | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allow attackers to upload and execute arbitrary code. | |||||
CVE-2022-26484 | 1 Veritas | 1 Infoscale Operations Manager | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. | |||||
CVE-2022-26315 | 1 Qrcp Project | 1 Qrcp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader. | |||||
CVE-2022-26276 | 1 Onenav | 1 Onenav | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. | |||||
CVE-2022-26252 | 1 Aapanel | 1 Aapanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key (id_rsa). | |||||
CVE-2022-26233 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring. | |||||
CVE-2022-26068 | 1 Pistache Project | 1 Pistache | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
This affects the package pistacheio/pistache before 0.0.3.20220425. It is possible to traverse directories to fetch arbitrary files from the server. | |||||
CVE-2022-26049 | 1 Diffplug | 1 Goomph | 2024-11-21 | N/A | 5.3 MEDIUM |
This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve remote code execution on a target system by exploiting this vulnerability. **Note:** This could have allowed a malicious zip file to extract itself into an arbitrary directory. The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at eclipse.org, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious. | |||||
CVE-2022-26041 | 1 Generex | 1 Rccmd | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors. | |||||
CVE-2022-26019 | 1 Netgate | 2 Pfsense, Pfsense Plus | 2024-11-21 | 8.5 HIGH | 8.8 HIGH |
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | |||||
CVE-2022-25937 | 1 Glance Project | 1 Glance | 2024-11-21 | N/A | 6.5 MEDIUM |
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129). | |||||
CVE-2022-25936 | 1 Servst Project | 1 Servst | 2024-11-21 | N/A | 7.5 HIGH |
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. | |||||
CVE-2022-25931 | 1 Easy-static-server Project | 1 Easy-static-server | 2024-11-21 | N/A | 7.5 HIGH |
All versions of package easy-static-server are vulnerable to Directory Traversal because no input sanitization or sandboxing is applied to the req.url user input that is passed to the server code. | |||||
CVE-2022-25895 | 1 Lite-dev-server Project | 1 Lite-dev-server | 2024-11-21 | N/A | 7.5 HIGH |
All versions of package lite-dev-server are vulnerable to Directory Traversal because no input sanitization or sandboxing is applied to the req.url user input that is passed to the server code. | |||||
CVE-2022-25882 | 1 Linuxfoundation | 1 Onnx | 2024-11-21 | N/A | 7.5 HIGH |
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal, as the external_data field of the tensor proto can contain a path to a file outside the model's current directory or the user-provided directory, for example "../../../etc/passwd". | |||||
CVE-2022-25856 | 1 Argo Events Project | 1 Argo Events | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 is vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ... |