Total: 6174 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40715 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||||
| CVE-2022-39210 | 1 Nextcloud | 1 Nextcloud | 2022-09-21 | N/A | 5.5 MEDIUM |
| Nextcloud Android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result, access to internal files from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue. | |||||
| CVE-2022-39001 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-09-21 | N/A | 7.5 HIGH |
| The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure. | |||||
| CVE-2022-39215 | 1 Tauri | 1 Tauri | 2022-09-21 | N/A | 5.8 MEDIUM |
| Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called recursively, it was possible to display directory listings outside of the defined `fs` scope. This required a crafted symbolic link or junction folder inside an allowed path of the `fs` scope. No arbitrary file content could be leaked. The issue has been resolved in version 1.0.6 and the implementation now properly checks if the requested (sub) directory is a symbolic link outside of the defined `scope`. Users are advised to upgrade. Users unable to upgrade should disable the `readDir` endpoint in the `allowlist` inside the `tauri.conf.json`. | |||||
| CVE-2020-5410 | 1 Vmware | 1 Spring Cloud Config | 2022-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | |||||
| CVE-2020-8195 | 1 Citrix | 12 4000-wo, 4100-wo, 5000-wo and 9 more | 2022-09-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 results in limited information disclosure to low privileged users. | |||||
| CVE-2022-34002 | 1 Pdssoftware | 1 Pds Vista 7 | 2022-09-19 | N/A | 6.5 MEDIUM |
| The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows a low-privileged authenticated attacker to leak the configuration files and source code of the web application. | |||||
| CVE-2022-1798 | 1 Kubevirt | 1 Kubevirt | 2022-09-19 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible. | |||||
| CVE-2022-20395 | 1 Google | 1 Android | 2022-09-17 | N/A | 7.8 HIGH |
| In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-221855295 | |||||
| CVE-2022-38301 | 1 Onedev Project | 1 Onedev | 2022-09-16 | N/A | 8.8 HIGH |
| Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. | |||||
| CVE-2022-26049 | 1 Diffplug | 1 Goomph | 2022-09-16 | N/A | 8.8 HIGH |
| This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve remote code execution on a target system by exploiting this vulnerability. **Note:** This could have allowed a malicious zip file to extract itself into an arbitrary directory. The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at eclipse.org, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious. | |||||
| CVE-2022-38614 | 1 Bpcbt | 1 Smartvista Cardgen | 2022-09-14 | N/A | 7.5 HIGH |
| An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files by modifying the PATH parameter. | |||||
| CVE-2022-38613 | 1 Bpcbt | 1 Smartvista Cardgen | 2022-09-14 | N/A | 6.5 MEDIUM |
| A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system. | |||||
| CVE-2020-8446 | 1 Ossec | 1 Ossec | 2022-09-12 | 2.1 LOW | 5.5 MEDIUM |
| In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user. | |||||
| CVE-2022-36081 | 1 Wikmd Project | 1 Wikmd | 2022-09-12 | N/A | 7.5 HIGH |
| Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing `/list/<path:folderpath>` and discloses lists of files located on the server including sensitive data. Version 1.7.1 fixes this issue. | |||||
| CVE-2022-36850 | 1 Google | 1 Android | 2022-09-10 | N/A | 4.7 MEDIUM |
| Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows an attacker to overwrite an arbitrary file with phone uid. | |||||
| CVE-2022-37299 | 1 Shirne Cms Project | 1 Shirne Cms | 2022-09-10 | N/A | 6.5 MEDIUM |
| An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php | |||||
| CVE-2022-39838 | 1 Systematicalpha | 2 Systematic Fix Adapter, Systematic Fix Adapter Firmware | 2022-09-09 | N/A | 8.6 HIGH |
| Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames. | |||||
| CVE-2022-29062 | 1 Fortinet | 1 Fortisoar | 2022-09-09 | N/A | 6.5 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allow an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. | |||||
| CVE-2022-34378 | 1 Dell | 1 Emc Powerscale Onefs | 2022-09-08 | N/A | 5.5 MEDIUM |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
