Total
6551 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-32287 | 1 Apache | 1 Uimaj | 2024-08-03 | 7.5 High |
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine. | ||||
CVE-2022-32270 | 1 Realnetworks | 1 Realplayer | 2024-08-03 | 9.8 Critical |
In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). | ||||
CVE-2022-32190 | 2 Golang, Redhat | 10 Go, Ceph Storage, Container Native Virtualization and 7 more | 2024-08-03 | 7.5 High |
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. | ||||
CVE-2022-32199 | 1 Scriptcase | 1 Scriptcase | 2024-08-03 | 6.5 Medium |
db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter. | ||||
CVE-2022-31739 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-08-03 | 8.8 High |
When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | ||||
CVE-2022-31836 | 1 Beego | 1 Beego | 2024-08-03 | 9.8 Critical |
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk. | ||||
CVE-2022-31793 | 2 Arris, Inglorion | 13 Bgw210, Bgw210 Firmware, Bgw320 and 10 more | 2024-08-03 | 7.5 High |
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. | ||||
CVE-2022-31706 | 1 Vmware | 1 Vrealize Log Insight | 2024-08-03 | 9.8 Critical |
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | ||||
CVE-2022-31703 | 1 Vmware | 1 Vrealize Log Insight | 2024-08-03 | 7.5 High |
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | ||||
CVE-2022-31662 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-08-03 | 7.5 High |
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. | ||||
CVE-2022-31588 | 1 Testplatform Project | 1 Testplatform | 2024-08-03 | 9.3 Critical |
The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
CVE-2022-31583 | 1 Automatedquizeval Project | 1 Automatedquizeval | 2024-08-03 | 9.3 Critical |
The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
CVE-2022-31574 | 1 Realestate Project | 1 Realestate | 2024-08-03 | 9.3 Critical |
The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
CVE-2022-31584 | 1 S3label Project | 1 S3label | 2024-08-03 | 9.3 Critical |
The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
CVE-2022-31566 | 1 Data Stream Algorithm Benchmark Project | 1 Data Stream Algorithm Benchmark | 2024-08-03 | 8.6 High |
The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
CVE-2022-31585 | 1 Home Internet Project | 1 Home Internet | 2024-08-03 | 9.3 Critical |
The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
CVE-2022-31587 | 1 Kg-fashion-chatbot Project | 1 Kg-fashion-chatbot | 2024-08-03 | 9.3 Critical |
The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
CVE-2022-31563 | 1 Vprj Project | 1 Vprj | 2024-08-03 | 9.3 Critical |
The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
CVE-2022-31576 | 1 Shackerpanel Project | 1 Shackerpanel | 2024-08-03 | 9.3 Critical |
The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
CVE-2022-31559 | 1 Flask-yeoman Project | 1 Flask-yeoman | 2024-08-03 | 9.3 Critical |
The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |