Total
6552 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-23447 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2024-08-03 | 7.3 High |
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | ||||
CVE-2022-23470 | 1 Galaxyproject | 1 Galaxy | 2024-08-03 | 8.6 High |
Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and higher, after the switch to gunicorn, which serve static contents directly. Additionally, the vulnerability is mitigated when using Nginx or Apache to serve /static/* contents, instead of Galaxy's internal middleware. This issue has been patched in commit `e5e6bda4f` and will be included in future releases. Users are advised to manually patch their installations. There are no known workarounds for this vulnerability. | ||||
CVE-2022-23409 | 1 Ethercreative | 1 Logs | 2024-08-03 | 4.9 Medium |
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php. | ||||
CVE-2022-23457 | 3 Netapp, Oracle, Owasp | 4 Active Iq Unified Manager, Oncommand Workflow Automation, Weblogic Server and 1 more | 2024-08-03 | 7.5 High |
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this. | ||||
CVE-2022-23357 | 1 Mozilo | 1 Mozilocms | 2024-08-03 | 9.1 Critical |
mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. | ||||
CVE-2022-23347 | 1 Bigantsoft | 1 Bigant Server | 2024-08-03 | 7.5 High |
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. | ||||
CVE-2022-23135 | 1 Zte | 4 Zxhn F477, Zxhn F477 Firmware, Zxhn F677 and 1 more | 2024-08-03 | 6.5 Medium |
There is a directory traversal vulnerability in some home gateway products of ZTE. Due to the lack of verification of user modified destination path, an attacker with specific permissions could modify the FTP access path to access and modify the system path contents without authorization, which will cause information leak and affect device operation. | ||||
CVE-2022-23119 | 2 Linux, Trendmicro | 2 Linux Kernel, Deep Security Agent | 2024-08-03 | 7.5 High |
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability. | ||||
CVE-2022-23107 | 1 Jenkins | 1 Warnings Next Generation | 2024-08-03 | 8.1 High |
Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. | ||||
CVE-2022-22932 | 2 Apache, Redhat | 2 Karaf, Jboss Fuse | 2024-08-03 | 5.3 Medium |
Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326 | ||||
CVE-2022-22914 | 1 Ovidentia | 1 Ovidentia | 2024-08-03 | 7.5 High |
An incorrect access control issue in the component FileManager of Ovidentia CMS 6.0 allows authenticated attackers to to view and download content in the upload directory via path traversal. | ||||
CVE-2022-22931 | 1 Apache | 1 James | 2024-08-03 | 4.3 Medium |
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used). | ||||
CVE-2022-22836 | 1 Coreftp | 1 Core Ftp | 2024-08-03 | 6.5 Medium |
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request. | ||||
CVE-2022-22821 | 1 Nvidia | 1 Nemo | 2024-08-03 | 2 Low |
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available. | ||||
CVE-2022-22790 | 1 Synel | 1 Eharmony | 2024-08-03 | 5.6 Medium |
SYNEL - eharmony Directory Traversal. Directory Traversal - is an attack against a server or a Web application aimed at unauthorized access to the file system. on the "Name" parameter the attacker can return to the root directory and open the host file. The path exposes sensitive files that users upload | ||||
CVE-2022-22731 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2024-08-03 | 6.5 Medium |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) | ||||
CVE-2022-22279 | 1 Sonicwall | 10 Sma 210, Sma 210 Firmware, Sma 410 and 7 more | 2024-08-03 | 4.9 Medium |
A post-authentication arbitrary file read vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions | ||||
CVE-2022-22128 | 1 Tableau | 1 Tableau Server | 2024-08-03 | 9.8 Critical |
Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates. | ||||
CVE-2022-21999 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-08-03 | 7.8 High |
Windows Print Spooler Elevation of Privilege Vulnerability | ||||
CVE-2022-21808 | 1 Yokogawa | 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more | 2024-08-03 | 8.8 High |
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. |