Total
6541 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46902 | 1 Vocera | 2 Report Server, Voice Server | 2024-08-03 | 7.5 High |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination. | ||||
| CVE-2022-46900 | 1 Vocera | 2 Report Server, Voice Server | 2024-08-03 | 6.5 Medium |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters. | ||||
| CVE-2022-46898 | 1 Vocera | 2 Report Server, Voice Server | 2024-08-03 | 9.8 Critical |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. The filename provided is not properly sanitized and allows for the inclusion of a path-traversal payload that can be used to escape the intended Vocera restoration directory. An attacker could exploit this vulnerability to point to a crafted ZIP archive that contains SQL commands that could be executed against the database. | ||||
| CVE-2022-46835 | 1 Sailpoint | 1 Identityiq | 2024-08-03 | 8.8 High |
| IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. | ||||
| CVE-2022-46826 | 1 Jetbrains | 1 Intellij Idea | 2024-08-03 | 6.2 Medium |
| In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. | ||||
| CVE-2022-46639 | 1 Correos | 1 Correos | 2024-08-03 | 7.5 High |
| A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal. | ||||
| CVE-2022-46305 | 1 Changingtec | 1 Servisign | 2024-08-03 | 6.5 Medium |
| ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | ||||
| CVE-2022-46492 | 1 Nbnbk Project | 1 Nbnbk | 2024-08-03 | 6.5 Medium |
| nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary. | ||||
| CVE-2022-46309 | 1 Vitalsesp | 1 Vitals Esp | 2024-08-03 | 6.5 Medium |
| Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files. | ||||
| CVE-2022-46306 | 1 Changingtec | 1 Servisign | 2024-08-03 | 8.8 High |
| ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service. | ||||
| CVE-2022-46255 | 1 Github | 1 Enterprise Server | 2024-08-03 | 9.8 Critical |
| An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the working directory is clean before unpacking new content to prevent an arbitrary file overwrite bug. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2022-46256 | 1 Github | 1 Enterprise Server | 2024-08-03 | 8.8 High |
| A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5 and 3.7.2. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2022-46178 | 1 Metersphere | 1 Metersphere | 2024-08-03 | 7.4 High |
| MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability has been fixed in v2.5.1. There are no workarounds. | ||||
| CVE-2022-46154 | 1 Kodcloud | 1 Kodexplorer | 2024-08-03 | 8.6 High |
| Kodexplorer is a chinese language web based file manager and browser based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2022-46137 | 1 Aerocms Project | 1 Aerocms | 2024-08-03 | 7.5 High |
| AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1. | ||||
| CVE-2022-45969 | 1 Alist Project | 1 Alist | 2024-08-03 | 9.8 Critical |
| Alist v3.4.0 is vulnerable to Directory Traversal, | ||||
| CVE-2022-46171 | 1 Tauri | 1 Tauri | 2024-08-03 | 6.8 Medium |
| Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication. | ||||
| CVE-2022-45921 | 1 Fusionauth | 1 Fusionauth | 2024-08-03 | 7.5 High |
| FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process. | ||||
| CVE-2022-45866 | 2 Fedoraproject, Qpress Project | 2 Fedora, Qpress | 2024-08-03 | 5.3 Medium |
| qpress before PierreLvx/qpress 20220819 and before version 11.3, as used in Percona XtraBackup and other products, allows directory traversal via ../ in a .qp file. | ||||
| CVE-2022-45852 | 2024-08-03 | 6.5 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5. | ||||