Total
7648 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4773 | 1 Cloudsync Project | 1 Cloudsync | 2024-11-21 | 2.5 Low |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2022-4772 | 1 Widoco Project | 1 Widoco | 2024-11-21 | 4.5 Medium |
| A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-4748 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. It is recommended to apply a patch to fix this issue. The identifier VDB-216861 was assigned to this vulnerability. | ||||
| CVE-2022-4065 | 1 Testng Project | 1 Testng | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027. | ||||
| CVE-2022-48285 | 2 Jszip Project, Redhat | 2 Jszip, Rhmt | 2024-11-21 | 7.3 High |
| loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. | ||||
| CVE-2022-46902 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | 6.3 Medium |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination. | ||||
| CVE-2022-46900 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters. | ||||
| CVE-2022-46898 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. The filename provided is not properly sanitized and allows for the inclusion of a path-traversal payload that can be used to escape the intended Vocera restoration directory. An attacker could exploit this vulnerability to point to a crafted ZIP archive that contains SQL commands that could be executed against the database. | ||||
| CVE-2022-45852 | 2024-11-21 | 6.5 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5. | ||||
| CVE-2022-45447 | 1 Prestashop | 1 M4 Pdf | 2024-11-21 | 6.5 Medium |
| M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The âfâ parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists. | ||||
| CVE-2022-45374 | 2 Wordpress, Yarpp | 2 Wordpress, Yarpp | 2024-11-21 | 7.7 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4. | ||||
| CVE-2022-45368 | 2024-11-21 | 7.7 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Application: from n/a through 1.75. | ||||
| CVE-2022-45184 | 1 Ironmansoftware | 1 Powershell Universal | 2024-11-21 | 7.2 High |
| The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7. | ||||
| CVE-2022-43451 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 8.4 High |
| OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges. | ||||
| CVE-2022-42476 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 7.8 High |
| A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests. | ||||
| CVE-2022-42474 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiswitchmanager | 2024-11-21 | 6.2 Medium |
| A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests. | ||||
| CVE-2022-42470 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.1 High |
| A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. | ||||
| CVE-2022-42308 | 1 Veritas | 1 Netbackup | 2024-11-21 | 9 Critical |
| An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. | ||||
| CVE-2022-42305 | 1 Veritas | 1 Netbackup | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. | ||||
| CVE-2022-42182 | 1 Precisely | 1 Spectrum Spatial Analyst | 2024-11-21 | 5.3 Medium |
| Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal. | ||||