Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31793 | 2 Arris, Inglorion | 13 Bgw210, Bgw210 Firmware, Bgw320 and 10 more | 2024-11-21 | 7.5 High |
| do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. | ||||
| CVE-2022-31739 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 8.8 High |
| When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.<br>*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | ||||
| CVE-2022-31706 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | 9.8 Critical |
| The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | ||||
| CVE-2022-31703 | 1 Vmware | 1 Vrealize Log Insight | 2024-11-21 | 7.5 High |
| The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | ||||
| CVE-2022-31662 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | 7.5 High |
| VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. | ||||
| CVE-2022-31588 | 1 Testplatform Project | 1 Testplatform | 2024-11-21 | 9.3 Critical |
| The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31587 | 1 Kg-fashion-chatbot Project | 1 Kg-fashion-chatbot | 2024-11-21 | 9.3 Critical |
| The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31586 | 1 Changepop-back Project | 1 Changepop-back | 2024-11-21 | 9.3 Critical |
| The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31585 | 1 Home Internet Project | 1 Home Internet | 2024-11-21 | 9.3 Critical |
| The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31584 | 1 S3label Project | 1 S3label | 2024-11-21 | 9.3 Critical |
| The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31583 | 1 Automatedquizeval Project | 1 Automatedquizeval | 2024-11-21 | 9.3 Critical |
| The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31582 | 1 Videoserver Project | 1 Videoserver | 2024-11-21 | 9.3 Critical |
| The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31581 | 1 Scorelab | 1 Openmf | 2024-11-21 | 9.3 Critical |
| The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31580 | 1 Caretakerr-api Project | 1 Caretakerr-api | 2024-11-21 | 9.3 Critical |
| The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31579 | 1 Iasset Project | 1 Iasset | 2024-11-21 | 9.3 Critical |
| The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31578 | 1 Bt Lnmp Project | 1 Bt Lnmp | 2024-11-21 | 7.5 High |
| The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31577 | 1 Audio Aligner App Project | 1 Audio Aligner App | 2024-11-21 | 9.3 Critical |
| The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31576 | 1 Shackerpanel Project | 1 Shackerpanel | 2024-11-21 | 9.3 Critical |
| The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31575 | 1 Livro Python Project | 1 Livro Python | 2024-11-21 | 9.3 Critical |
| The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||
| CVE-2022-31574 | 1 Realestate Project | 1 Realestate | 2024-11-21 | 9.3 Critical |
| The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||||