Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24716 | 1 Icinga | 1 Icinga Web 2 | 2024-11-21 | 7.5 High |
| Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated. | ||||
| CVE-2022-24715 | 1 Icinga | 1 Icinga Web 2 | 2024-11-21 | 8.5 High |
| Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration. | ||||
| CVE-2022-24659 | 1 Goldshell | 1 Goldshell Miner Firmware | 2024-11-21 | 7.5 High |
| Goldshell ASIC Miners v2.2.1 and below was discovered to contain a path traversal vulnerability which allows unauthenticated attackers to retrieve arbitrary files from the device. | ||||
| CVE-2022-24647 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 8.1 High |
| Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. | ||||
| CVE-2022-24424 | 1 Dell | 1 Emc Appsync | 2024-11-21 | 7.5 High |
| Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. | ||||
| CVE-2022-24348 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 7.7 High |
| Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file. | ||||
| CVE-2022-24312 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2024-11-21 | 9.8 Critical |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | ||||
| CVE-2022-24311 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Server | 2024-11-21 | 9.8 Critical |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | ||||
| CVE-2022-24278 | 1 Convert-svg Project | 1 Convert-svg | 2024-11-21 | 7.5 High |
| The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. | ||||
| CVE-2022-24248 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 6.5 Medium |
| RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints. | ||||
| CVE-2022-24247 | 1 Ritecms | 1 Ritecms | 2024-11-21 | 6.5 Medium |
| RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution. | ||||
| CVE-2022-23971 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 8.1 High |
| ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption. | ||||
| CVE-2022-23970 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2024-11-21 | 8.1 High |
| ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption. | ||||
| CVE-2022-23793 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path. | ||||
| CVE-2022-23770 | 2 Linux, Wisa | 2 Linux Kernel, Smart Wing Cms | 2024-11-21 | 8.8 High |
| This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal. | ||||
| CVE-2022-23767 | 2 Hanssak, Microsoft | 3 Securegate, Weblink, Windows | 2024-11-21 | 8.8 High |
| This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim’s system. | ||||
| CVE-2022-23732 | 1 Github | 1 Enterprise Server | 2024-11-21 | 8.8 High |
| A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2022-23620 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 6.8 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like "../", "./". or "/" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export. | ||||
| CVE-2022-23612 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 7.5 High |
| OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/initfilter/scripts`. This can allow an attacker to access any file on a system running OpenMRS that is accessible to the user id OpenMRS is running under. Affected implementations should update to the latest patch version of OpenMRS Core for the minor version they use. These are: 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3. As a general rule, this vulnerability is already mitigated by Tomcat's URL normalization in Tomcat 7.0.28+. Users on older versions of Tomcat should consider upgrading their Tomcat instance as well as their OpenMRS instance. | ||||
| CVE-2022-23609 | 1 Itunesrpc-remastered Project | 1 Itunesrpc-remastered | 2024-11-21 | 8.3 High |
| iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize user input used to remove files leading to file deletion only limited by the process permissions. Users are advised to upgrade as soon as possible. | ||||