Total
6552 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-29298 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-08-03 | 7.5 High |
SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. | ||||
CVE-2022-29253 | 1 Xwiki | 1 Xwiki | 2024-08-03 | 2.7 Low |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".." in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue. | ||||
CVE-2022-29281 | 1 Notable | 1 Notable | 2024-08-03 | 8.8 High |
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths). | ||||
CVE-2022-29081 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2024-08-03 | 9.8 Critical |
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring. | ||||
CVE-2022-29154 | 3 Fedoraproject, Redhat, Samba | 6 Fedora, Enterprise Linux, Rhel E4s and 3 more | 2024-08-03 | 7.4 High |
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). | ||||
CVE-2022-29062 | 1 Fortinet | 1 Fortisoar | 2024-08-03 | 6.3 Medium |
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. | ||||
CVE-2022-28945 | 1 Webbank | 1 Webcube | 2024-08-03 | 9.8 Critical |
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. | ||||
CVE-2022-28981 | 1 Liferay | 1 Liferay Portal | 2024-08-03 | 7.5 High |
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter. | ||||
CVE-2022-28814 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2024-08-03 | 9.8 Critical |
Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 was discovered to be vulnerable to a relative path traversal vulnerability which enables remote attackers to read arbitrary files and gain full control of the device. | ||||
CVE-2022-28741 | 1 Aenrich | 1 A\+hrd | 2024-08-03 | 8.1 High |
aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x | ||||
CVE-2022-28784 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic. | ||||
CVE-2022-28544 | 1 Samsung | 1 Galaxy Store | 2024-08-03 | 6.2 Medium |
Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. | ||||
CVE-2022-28541 | 1 Samsung | 1 Update | 2024-08-03 | 5.9 Medium |
Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. | ||||
CVE-2022-28523 | 1 Hongcms Project | 1 Hongcms | 2024-08-03 | 8.1 High |
HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. | ||||
CVE-2022-28527 | 1 Dhcms Project | 1 Dhcms | 2024-08-03 | 8.1 High |
dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. | ||||
CVE-2022-28543 | 1 Samsung | 1 Samsung Flow | 2024-08-03 | 4 Medium |
Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission. | ||||
CVE-2022-28451 | 1 Nopcommerce | 1 Nopcommerce | 2024-08-03 | 7.5 High |
nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. | ||||
CVE-2022-28478 | 1 Seeddms | 1 Seeddms | 2024-08-03 | 6.5 Medium |
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system. | ||||
CVE-2022-28444 | 1 Ucms Project | 1 Ucms | 2024-08-03 | 7.5 High |
UCMS v1.6 was discovered to contain an arbitrary file read vulnerability. | ||||
CVE-2022-28380 | 1 Rc-httpd Project | 1 Rc-httpd | 2024-08-03 | 7.5 High |
The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used. |