Total: 6174 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36943 | 1 Ssziparchive Project | 1 Ssziparchive | 2023-11-07 | N/A | 8.1 HIGH |
SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item. | |||||
CVE-2022-36261 | 1 Taogogo | 1 Taocms | 2023-11-07 | N/A | 9.1 CRITICAL |
An arbitrary file deletion vulnerability was discovered in taocms 3.0.2 that allows an attacker to delete files on the server via a request to the URL admin.php?action=file&ctrl=del&path=/../../../test.txt | |||||
CVE-2022-35650 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-11-07 | N/A | 7.5 HIGH |
A vulnerability was found in Moodle that occurs due to an input validation error when importing lesson questions. Insufficient path checks result in an arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. | |||||
CVE-2022-34855 | 1 Intel | 1 Nuc Pro Software Suite | 2023-11-07 | N/A | 7.8 HIGH |
Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-34662 | 1 Apache | 1 Dolphinscheduler | 2023-11-07 | N/A | 6.5 MEDIUM |
Adding resources to the resource center with a relation path causes path traversal issues; this applies only to logged-in users. Users can upgrade to version 3.0.0 or higher. | |||||
CVE-2022-34271 | 1 Apache | 1 Atlas | 2023-11-07 | N/A | 8.8 HIGH |
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0. | |||||
CVE-2022-34254 | 2 Adobe, Magento | 2 Commerce, Magento | 2023-11-07 | N/A | 8.8 HIGH |
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. A low privileged attacker could leverage this vulnerability to read local files and to perform Stored XSS. Exploitation of this issue does not require user interaction. | |||||
CVE-2022-32190 | 1 Golang | 1 Go | 2023-11-07 | N/A | 7.5 HIGH |
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. | |||||
CVE-2022-31457 | 1 Rtx Trap Project | 1 Rtx Trap | 2023-11-07 | N/A | 7.5 HIGH |
RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/. | |||||
CVE-2022-30300 | 1 Fortinet | 1 Fortiweb | 2023-11-07 | N/A | 6.5 MEDIUM |
A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests. | |||||
CVE-2022-30299 | 1 Fortinet | 1 Fortiweb | 2023-11-07 | N/A | 4.3 MEDIUM |
A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests. | |||||
CVE-2022-2943 | 1 Connekthq | 1 Ajax Load More | 2023-11-07 | N/A | 4.9 MEDIUM |
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to arbitrary file reading in versions up to, and including, 5.5.3 due to insufficient file path validation on the alm_repeaters_export() function. This makes it possible for authenticated attackers, with administrative privileges, to download arbitrary files hosted on the server that may contain sensitive content, such as the wp-config.php file. | |||||
CVE-2022-2893 | 1 Ronds | 1 Equipment Predictive Maintenance | 2023-11-07 | N/A | 6.5 MEDIUM |
RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files. | |||||
CVE-2022-2712 | 1 Eclipse | 1 Glassfish | 2023-11-07 | N/A | 7.5 HIGH |
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code. | |||||
CVE-2022-29804 | 2 Golang, Microsoft | 2 Go, Windows | 2023-11-07 | N/A | 7.5 HIGH |
Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows a potential directory traversal attack. | |||||
CVE-2022-27279 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. | |||||
CVE-2022-27277 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2023-11-07 | 6.4 MEDIUM | 9.1 CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08. | |||||
CVE-2022-25937 | 1 Glance Project | 1 Glance | 2023-11-07 | N/A | 6.5 MEDIUM |
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129). | |||||
CVE-2022-25936 | 1 Servst Project | 1 Servst | 2023-11-07 | N/A | 7.5 HIGH |
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. | |||||
CVE-2022-25882 | 1 Linuxfoundation | 1 Onnx | 2023-11-07 | N/A | 7.5 HIGH |
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd" |