Total: 6552 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-26652 | 1 Nats | 2 Nats Server, Nats Streaming Server | 2024-08-03 | 6.5 Medium |
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. | ||||
CVE-2022-26500 | 1 Veeam | 1 Veeam Backup & Replication | 2024-08-03 | 8.8 High |
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allow attackers to upload and execute arbitrary code. | ||||
CVE-2022-26484 | 1 Veritas | 1 Infoscale Operations Manager | 2024-08-03 | 4.9 Medium |
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. | ||||
CVE-2022-26315 | 1 Qrcp Project | 1 Qrcp | 2024-08-03 | 5.3 Medium |
qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader. | ||||
CVE-2022-26276 | 1 Onenav | 1 Onenav | 2024-08-03 | 5.3 Medium |
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. | ||||
CVE-2022-26252 | 1 Aapanel | 1 Aapanel | 2024-08-03 | 6.5 Medium |
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user's private SSH key (id_rsa). | ||||
CVE-2022-26233 | 1 Barco | 1 Control Room Management Suite | 2024-08-03 | 7.5 High |
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring. | ||||
CVE-2022-26041 | 1 Generex | 1 Rccmd | 2024-08-03 | 6.5 Medium |
Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors. | ||||
CVE-2022-26019 | 1 Netgate | 2 Pfsense, Pfsense Plus | 2024-08-03 | 8.8 High |
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | ||||
CVE-2022-25937 | 1 Glance Project | 1 Glance | 2024-08-03 | 6.5 Medium |
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129). | ||||
CVE-2022-25882 | 1 Linuxfoundation | 1 Onnx | 2024-08-03 | 7.5 High |
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal, as the external_data field of the tensor proto can have a path to a file which is outside the model's current directory or user-provided directory, for example "../../../etc/passwd". | ||||
CVE-2022-25936 | 1 Servst Project | 1 Servst | 2024-08-03 | 7.5 High |
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. | ||||
CVE-2022-25634 | 1 Qt | 1 Qt | 2024-08-03 | 7.5 High |
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory. | ||||
CVE-2022-25591 | 1 Blogengine | 1 Blogengine.net | 2024-08-03 | 9.1 Critical |
BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request. | ||||
CVE-2022-25412 | 1 Max-3000 | 1 Maxsite Cms | 2024-08-03 | 8.1 High |
Maxsite CMS v180 was discovered to contain multiple arbitrary file deletion vulnerabilities in /admin_page/all-files-update-ajax.php via the dir and deletefile parameters. | ||||
CVE-2022-25358 | 1 Awful-salmonella-tar Project | 1 Awful-salmonella-tar | 2024-08-03 | 5.3 Medium |
A ..%2F path traversal vulnerability exists in the path handler of awful-salmonella-tar before 0.0.4. Attackers can only list directories (not read files). This occurs because the safe-path? Scheme predicate is not used for directories. | ||||
CVE-2022-25371 | 1 Apache | 1 Ofbiz | 2024-08-03 | 9.8 Critical |
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier. | ||||
CVE-2022-25266 | 1 Passwork | 1 Passwork | 2024-08-03 | 4.3 Medium |
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files). | ||||
CVE-2022-25267 | 1 Passwork | 1 Passwork | 2024-08-03 | 8.8 High |
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). | ||||
CVE-2022-25178 | 2 Jenkins, Redhat | 2 Pipeline, Openshift | 2024-08-03 | 6.5 Medium |
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier does not restrict the names of resources passed to the libraryResource step, allowing attackers able to configure Pipelines permission to read arbitrary files on the Jenkins controller file system. |