Total
6552 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-28148 | 2 Jenkins, Microsoft | 2 Continuous Integration With Toad Edge, Windows | 2024-08-03 | 6.5 Medium |
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. | ||||
CVE-2022-28156 | 1 Jenkins | 1 Pipeline\ | 2024-08-03 | 6.5 Medium |
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to copy arbitrary files and directories from the Jenkins controller to the agent workspace. | ||||
CVE-2022-28157 | 1 Jenkins | 1 Pipeline\ | 2024-08-03 | 6.5 Medium |
Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller via FTP to an attacker-specified FTP server. | ||||
CVE-2022-28146 | 1 Jenkins | 1 Continuous Integration With Toad Edge | 2024-08-03 | 6.5 Medium |
Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. | ||||
CVE-2022-28059 | 1 Verydows | 1 Verydows | 2024-08-03 | 8.1 High |
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php. | ||||
CVE-2022-28058 | 1 Verydows | 1 Verydows | 2024-08-03 | 8.1 High |
Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php. | ||||
CVE-2022-28052 | 1 Roothub | 1 Roothub | 2024-08-03 | 8.0 High |
Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution. | ||||
CVE-2022-27925 | 1 Zimbra | 1 Collaboration | 2024-08-03 | 7.2 High |
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. | ||||
CVE-2022-27906 | 1 Mendelson | 1 Oftp2 | 2024-08-03 | 5.9 Medium |
Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory. | ||||
CVE-2022-27836 | 1 Google | 1 Android | 2024-08-03 | 8.4 High |
Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access. | ||||
CVE-2022-27657 | 1 Sap | 1 Focused Run | 2024-08-03 | 2.7 Low |
A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0. | ||||
CVE-2022-27277 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-08-03 | 9.1 Critical |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08. | ||||
CVE-2022-27248 | 1 Idearespa | 1 Reftree | 2024-08-03 | 6.5 Medium |
A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg. | ||||
CVE-2022-27208 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-08-03 | 6.5 Medium |
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. | ||||
CVE-2022-27279 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-08-03 | 7.5 High |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. | ||||
CVE-2022-27203 | 1 Jenkins | 1 Extended Choice Parameter | 2024-08-03 | 6.5 Medium |
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | ||||
CVE-2022-27043 | 1 Yearning | 1 Yearning | 2024-08-03 | 7.5 High |
Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal. | ||||
CVE-2022-26960 | 1 Std42 | 1 Elfinder | 2024-08-03 | 9.1 Critical |
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. | ||||
CVE-2022-26889 | 1 Splunk | 1 Splunk | 2024-08-03 | 8.8 High |
In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing). | ||||
CVE-2022-26884 | 1 Apache | 1 Dolphinscheduler | 2024-08-03 | 6.5 Medium |
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. |