Total: 5025 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-125033 | 1 Rails-cv-app Project | 1 Rails-cv-app | 2023-01-09 | N/A | 7.5 HIGH |
A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The name of the patch is 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability. | |||||
CVE-2017-20152 | 1 Imageserve Project | 1 Imageserve | 2023-01-09 | N/A | 7.5 HIGH |
A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056. | |||||
CVE-2020-9920 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2023-01-09 | 6.4 MEDIUM | 9.1 CRITICAL |
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files. | |||||
CVE-2021-46856 | 1 Huawei | 2 Emui, Harmonyos | 2023-01-09 | N/A | 7.5 HIGH |
The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-38202 | 1 Esri | 1 Arcgis Server | 2023-01-06 | N/A | 7.5 HIGH |
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker to traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information (not user datasets). | |||||
CVE-2022-4773 | 1 Cloudsync Project | 1 Cloudsync | 2023-01-06 | N/A | 3.3 LOW |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2022-4778 | 1 Elvexys | 1 Streamx | 2023-01-06 | N/A | 6.5 MEDIUM |
StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected. | |||||
CVE-2020-36559 | 1 Aahframework | 1 Aah | 2023-01-06 | N/A | 7.5 HIGH |
Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | |||||
CVE-2019-25073 | 1 Goa.design | 1 Goa | 2023-01-06 | N/A | 7.5 HIGH |
Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allows remote attackers to read files outside of the intended directory. | |||||
CVE-2018-25046 | 1 Cloudfoundry | 1 Archiver | 2023-01-06 | N/A | 9.1 CRITICAL |
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | |||||
CVE-2022-4748 | 1 Flatpress | 1 Flatpress | 2023-01-05 | N/A | 9.8 CRITICAL |
A vulnerability was found in FlatPress. It has been classified as critical. This affects the function doItemActions of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component File Delete Handler. The manipulation of the argument deletefile leads to path traversal. The name of the patch is 5d5c7f6d8f072d14926fc2c3a97cdd763802f170. It is recommended to apply a patch to fix this issue. The identifier VDB-216861 was assigned to this vulnerability. | |||||
CVE-2019-25087 | 1 Httpserver Project | 1 Httpserver | 2023-01-05 | N/A | 7.5 HIGH |
A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863. | |||||
CVE-2020-36566 | 1 Tar-utils Project | 1 Tar-utils | 2023-01-05 | N/A | 9.1 CRITICAL |
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | |||||
CVE-2020-36561 | 1 Unzip Project | 1 Unzip | 2023-01-05 | N/A | 9.1 CRITICAL |
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | |||||
CVE-2020-36560 | 1 Go-unzip Project | 1 Go-unzip | 2023-01-05 | N/A | 9.1 CRITICAL |
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | |||||
CVE-2022-44564 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2023-01-05 | N/A | 7.8 HIGH |
Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources. | |||||
CVE-2022-38205 | 1 Esri | 1 Portal For Arcgis | 2023-01-05 | N/A | 7.5 HIGH |
In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). | |||||
CVE-2022-4772 | 1 Widoco Project | 1 Widoco | 2023-01-05 | N/A | 7.8 HIGH |
A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is f2279b76827f32190adfa9bd5229b7d5a147fa92. It is recommended to apply a patch to fix this issue. VDB-216914 is the identifier assigned to this vulnerability. | |||||
CVE-2020-36628 | 1 Android Processing Development Environment Project | 1 Android Processing Development Environment | 2023-01-05 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747. | |||||
CVE-2021-39369 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2023-01-04 | N/A | 6.5 MEDIUM |
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root. |