Total: 6174 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23357 | 1 Mozilo | 1 Mozilocms | 2022-09-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. | |||||
| CVE-2022-28814 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2022-09-30 | N/A | 9.8 CRITICAL |
| Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 were discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device. | |||||
| CVE-2022-40082 | 2 Cloudwego, Microsoft | 2 Hertz, Windows | 2022-09-29 | N/A | 7.5 HIGH |
| Hertz v0.3.0 was discovered to contain a path traversal vulnerability via the normalizePath function. | |||||
| CVE-2021-46830 | 1 Helpsystems | 1 Goanywhere Managed File Transfer | 2022-09-29 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilizes self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. | |||||
| CVE-2022-40199 | 1 Ec-cube | 1 Ec-cube | 2022-09-29 | N/A | 2.7 LOW |
| Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p4) and EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote authenticated attacker with an administrative privilege to obtain the product's directory structure information. | |||||
| CVE-2022-39033 | 1 Lcnet | 1 Smart Evision | 2022-09-28 | N/A | 9.8 CRITICAL |
| Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service. | |||||
| CVE-2022-39034 | 1 Lcnet | 1 Smart Evision | 2022-09-28 | N/A | 6.5 MEDIUM |
| Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files. | |||||
| CVE-2022-26276 | 1 Onenav | 1 Onenav | 2022-09-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. | |||||
| CVE-2022-2926 | 1 Adobe | 1 Download Manager | 2022-09-28 | N/A | 4.9 MEDIUM |
| The Download Manager WordPress plugin before 3.2.55 does not validate one of its settings, which could allow high privilege users such as admin to list and read arbitrary files and folders outside of the blog directory. | |||||
| CVE-2021-41002 | 1 Hpe | 15 Aruba 8320, Aruba 8325-32-c, Aruba 8325-48y8c and 12 more | 2022-09-27 | 8.5 HIGH | 8.1 HIGH |
| Multiple authenticated remote path traversal vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.06.xxxx: 10.06.0170 and below, AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address these security vulnerabilities. | |||||
| CVE-2020-8227 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2022-09-27 | 7.1 HIGH | 6.8 MEDIUM |
| Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | |||||
| CVE-2022-34026 | 1 Icecoder | 1 Icecoder | 2022-09-24 | N/A | 7.5 HIGH |
| ICEcoder v8.1 allows attackers to execute a directory traversal. | |||||
| CVE-2021-25361 | 1 Google | 1 Android | 2022-09-23 | 7.2 HIGH | 8.8 HIGH |
| An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications. | |||||
| CVE-2022-40444 | 1 Zzcms | 1 Zzcms | 2022-09-23 | N/A | 5.3 MEDIUM |
| ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. | |||||
| CVE-2022-40443 | 1 Zzcms | 1 Zzcms | 2022-09-23 | N/A | 5.3 MEDIUM |
| An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. | |||||
| CVE-2022-39221 | 2 Mcwebserver Minecraft Mod For Fabric And Quilt Project, Mcwebserver Minecraft Mod For Forge Project | 2 Mcwebserver Minecraft Mod For Fabric And Quilt, Mcwebserver Minecraft Mod For Forge | 2022-09-23 | N/A | 7.5 HIGH |
| McWebserver mod runs a simple HTTP server alongside the Minecraft server in separate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program, to be read by anyone via HTTP request. Version 0.2.0 with patches are released to both platforms (Fabric and Quilt, Forge). As a workaround, the McWebserver mod can be disabled by removing the file from the `mods` directory. | |||||
| CVE-2022-28981 | 1 Liferay | 1 Liferay Portal | 2022-09-23 | N/A | 7.5 HIGH |
| Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter. | |||||
| CVE-2022-23767 | 2 Hanssak, Microsoft | 3 Securegate, Weblink, Windows | 2022-09-22 | N/A | 9.8 CRITICAL |
| This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim’s system. | |||||
| CVE-2022-40608 | 1 Ibm | 1 Spectrum Protect Plus | 2022-09-21 | N/A | 7.5 HIGH |
| IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873. | |||||
| CVE-2022-40713 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||||
