Total: 6551 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-34662 | 1 Apache | 1 Dolphinscheduler | 2024-08-03 | 6.5 Medium |
When users add resources to the resource center with a relative path, path traversal issues occur; this affects only logged-in users. Upgrade to version 3.0.0 or higher. | ||||
CVE-2022-34551 | 1 Sims Project | 1 Sims | 2024-08-03 | 6.5 Medium |
Sims v1.0 was discovered to allow path traversal when downloading attachments. | ||||
CVE-2022-34486 | 1 Pukiwiki | 1 Pukiwiki | 2024-08-03 | 7.2 High |
Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors. | ||||
CVE-2022-34271 | 1 Apache | 1 Atlas | 2024-08-03 | 8.8 High |
A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0. | ||||
CVE-2022-34177 | 2 Jenkins, Redhat | 2 Pipeline, Openshift | 2024-08-03 | 7.5 High |
Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | ||||
CVE-2022-34179 | 1 Jenkins | 1 Embeddable Build Status | 2024-08-03 | 7.5 High |
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. | ||||
CVE-2022-34127 | 1 Glpi-project | 1 Manageentities | 2024-08-03 | 7.5 High |
The Manageentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter. | ||||
CVE-2022-34126 | 1 Glpi-project | 1 Activity | 2024-08-03 | 7.5 High |
The Activity plugin before 3.1.1 for GLPI allows reading local files via directory traversal in the front/cra.send.php file parameter. | ||||
CVE-2022-34026 | 1 Icecoder | 1 Icecoder | 2024-08-03 | 7.5 High |
ICEcoder v8.1 allows attackers to execute a directory traversal. | ||||
CVE-2022-34002 | 1 Pdssoftware | 1 Pds Vista 7 | 2024-08-03 | 6.5 Medium |
The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows a low-privileged authenticated attacker to leak the configuration files and source code of the web application. | ||||
CVE-2022-33995 | 1 Devolutions | 1 Remote Desktop Manager | 2024-08-03 | 7.5 High |
A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. | ||||
CVE-2022-32275 | 1 Grafana | 1 Grafana | 2024-08-03 | 7.5 High |
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content | ||||
CVE-2022-33892 | 1 Intel | 1 Quartus Prime | 2024-08-03 | 7.3 High |
Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-33715 | 1 Google | 1 Android | 2024-08-03 | 5.3 Medium |
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allows a local attacker to access files of One UI. | ||||
CVE-2022-33690 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows an attacker to access an arbitrary file. | ||||
CVE-2022-33116 | 1 Openeclass | 1 Openeclass | 2024-08-03 | 6.5 Medium |
An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal. | ||||
CVE-2022-32551 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2024-08-03 | 7.5 High |
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). | ||||
CVE-2022-32427 | 1 Printerlogic | 1 Windows Client | 2024-08-03 | 8.8 High |
PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. This issue has been resolved in PrinterLogic Windows Client 25.0.0688 and all affected are advised to upgrade. | ||||
CVE-2022-32409 | 1 Softwarepublico | 1 I3geo | 2024-08-03 | 9.8 Critical |
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request. | ||||
CVE-2022-32328 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2024-08-03 | 9.1 Critical |
Fast Food Ordering System v1.0 is vulnerable to arbitrary file deletion via /ffos/classes/Master.php?f=delete_img. |