Total: 6551 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-39059 | 1 Changingtec | 1 Megaservisignadapter | 2024-08-03 | 7.5 High |
ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files. | ||||
CVE-2022-39045 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-08-03 | 8.8 High |
A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. | ||||
CVE-2022-39040 | 1 Aenrich | 1 A\+hrd | 2024-08-03 | 7.5 High |
aEnrich a+HRD log read function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | ||||
CVE-2022-39001 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-03 | 7.5 High |
The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure. | ||||
CVE-2022-38794 | 1 Zaver Project | 1 Zaver | 2024-08-03 | 7.5 High |
Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. | ||||
CVE-2022-38723 | 1 Gravitee | 1 Api Management | 2024-08-03 | 8.6 High |
Gravitee API Management before 3.15.13 allows path traversal through HTML injection. | ||||
CVE-2022-38731 | 1 Qaelum | 1 Dose | 2024-08-03 | 4.3 Medium |
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication from the server to the attacker's machine. | ||||
CVE-2022-38638 | 1 Casbin | 1 Casdoor | 2024-08-03 | 9.1 Critical |
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource. | ||||
CVE-2022-38614 | 1 Bpcbt | 1 Smartvista Cardgen | 2024-08-03 | 7.5 High |
An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter. | ||||
CVE-2022-38613 | 1 Bpcbt | 1 Smartvista Cardgen | 2024-08-03 | 6.5 Medium |
A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system. | ||||
CVE-2022-38451 | 2 Freshtomato, Siretta | 3 Freshtomato, Quartz-gold, Quartz-gold Firmware | 2024-08-03 | 7.5 High |
A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | ||||
CVE-2022-38340 | 1 Safe | 1 Fme Server | 2024-08-03 | 9.1 Critical |
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload. | ||||
CVE-2022-38301 | 1 Onedev Project | 1 Onedev | 2024-08-03 | 8.8 High |
Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. | ||||
CVE-2022-38258 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2024-08-03 | 8.1 High |
A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. | ||||
CVE-2022-38202 | 1 Esri | 1 Arcgis Server | 2024-08-03 | 7.5 High |
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker to traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information (not user datasets). | ||||
CVE-2022-38129 | 1 Keysight | 1 Sensor Management Server | 2024-08-03 | 9.8 Critical |
A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host. | ||||
CVE-2022-38088 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-08-03 | 6.5 Medium |
A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | ||||
CVE-2022-37934 | 2 Hp, Hpe | 20 Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a, Officeconnect 1820 24g Poe\+ \(185w\) Switch J9983a Firmware, Officeconnect 1820 48g Poe\+ \(370w\) Switch J9984a and 17 more | 2024-08-03 | 6.8 Medium |
A potential security vulnerability has been identified in the HPE OfficeConnect 1820 and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below. | ||||
CVE-2022-37906 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2024-08-03 | 6.5 Medium |
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system. | ||||
CVE-2022-37866 | 2 Apache, Redhat | 2 Ivy, Camel Spring Boot | 2024-08-03 | 7.5 High |
When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1. |