Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27277 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-11-21 | 9.1 Critical |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08. | ||||
| CVE-2022-27248 | 1 Idearespa | 1 Reftree | 2024-11-21 | 6.5 Medium |
| A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg. | ||||
| CVE-2022-27229 | 1 Intel | 11 Hdmi Firmware, Nuc 7 Business Nuc7i3dnhnc, Nuc 7 Business Nuc7i3dnktc and 8 more | 2024-11-21 | 6.7 Medium |
| Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-27208 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-11-21 | 6.5 Medium |
| Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. | ||||
| CVE-2022-27203 | 1 Jenkins | 1 Extended Choice Parameter | 2024-11-21 | 6.5 Medium |
| Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | ||||
| CVE-2022-27043 | 1 Yearning | 1 Yearning | 2024-11-21 | 7.5 High |
| Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal. | ||||
| CVE-2022-26960 | 1 Std42 | 1 Elfinder | 2024-11-21 | 9.1 Critical |
| connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. | ||||
| CVE-2022-26889 | 1 Splunk | 1 Splunk | 2024-11-21 | 8.8 High |
| In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing). | ||||
| CVE-2022-26884 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 6.5 Medium |
| Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher. | ||||
| CVE-2022-26838 | 1 Cybozu | 1 Remote Service Manager | 2024-11-21 | 6.5 Medium |
| Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition. | ||||
| CVE-2022-26835 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 4.9 Medium |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-26675 | 1 Aenrich | 1 A\+hrd | 2024-11-21 | 7.5 High |
| aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory. | ||||
| CVE-2022-26652 | 1 Nats | 2 Nats Server, Nats Streaming Server | 2024-11-21 | 6.5 Medium |
| NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. | ||||
| CVE-2022-26484 | 1 Veritas | 1 Infoscale Operations Manager | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. | ||||
| CVE-2022-26315 | 1 Qrcp Project | 1 Qrcp | 2024-11-21 | 5.3 Medium |
| qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal via the file name specified by the uploader. | ||||
| CVE-2022-26276 | 1 Onenav | 1 Onenav | 2024-11-21 | 5.3 Medium |
| An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. | ||||
| CVE-2022-26252 | 1 Aapanel | 1 Aapanel | 2024-11-21 | 6.5 Medium |
| aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa). | ||||
| CVE-2022-26233 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 7.5 High |
| Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring. | ||||
| CVE-2022-26068 | 1 Pistache Project | 1 Pistache | 2024-11-21 | 6.5 Medium |
| This affects the package pistacheio/pistache before 0.0.3.20220425. It is possible to traverse directories to fetch arbitrary files from the server. | ||||
| CVE-2022-26049 | 1 Diffplug | 1 Goomph | 2024-11-21 | 5.3 Medium |
| This affects the package com.diffplug.gradle:goomph before 3.37.2. It allows a malicious zip file to potentially break out of the expected destination directory, writing contents into arbitrary locations on the file system. Overwriting certain files/directories could allow an attacker to achieve remote code execution on a target system by exploiting this vulnerability. **Note:** This could have allowed a malicious zip file to extract itself into an arbitrary directory. The only file that Goomph extracts is the p2 bootstrapper and eclipse metadata files hosted at eclipse.org, which are not malicious, so the only way this vulnerability could have affected you is if you had set a custom bootstrap zip, and that zip was malicious. | ||||