Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44748 | 1 Knime | 1 Knime Server | 2022-11-30 | N/A | 7.5 HIGH |
| A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server. This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server's file system, though. Note that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor's operating system user. There is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised. | |||||
| CVE-2022-41712 | 1 Frappe | 1 Frappe | 2022-11-30 | N/A | 6.5 MEDIUM |
| Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not correctly validate the information injected by the user in the import_file parameter. | |||||
| CVE-2021-25059 | 1 Metagauss | 1 Download Plugin | 2022-11-30 | N/A | 4.3 MEDIUM |
| The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download a full copy of the website. | |||||
| CVE-2022-45381 | 1 Jenkins | 1 Pipeline Utility Steps | 2022-11-29 | N/A | 8.1 HIGH |
| Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. | |||||
| CVE-2020-5752 | 1 Druva | 1 Insync Client | 2022-11-28 | 7.2 HIGH | 7.8 HIGH |
| Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. | |||||
| CVE-2022-4065 | 1 Testng Project | 1 Testng | 2022-11-25 | N/A | 7.8 HIGH |
| A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-214027. | |||||
| CVE-2022-3762 | 1 Booster | 1 Booster For Woocommerce | 2022-11-23 | N/A | 6.5 MEDIUM |
| The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite) | |||||
| CVE-2022-3090 | 1 Redlion | 1 Crimson | 2022-11-22 | N/A | 5.3 MEDIUM |
| Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 versions 3126.001 and prior, and Crimson 3.2 versions 3.2.0044.0 and prior are vulnerable to path traversal. When attempting to open a file using a specific path, the user's password hash is sent to an arbitrary host. This could allow an attacker to obtain user credential hashes. | |||||
| CVE-2022-41920 | 1 Lancet Project | 1 Lancet | 2022-11-22 | N/A | 8.8 HIGH |
| Lancet is a general utility library for the go programming language. Affected versions are subject to a ZipSlip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-39178 | 1 Webvendome Project | 1 Webvendome | 2022-11-21 | N/A | 5.3 MEDIUM |
| Webvendome - Webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure. | |||||
| CVE-2022-42892 | 1 Siemens | 1 Syngo Dynamics Cardiovascular Imaging And Information System | 2022-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow directory listing in any folder accessible to the account assigned to the website’s application pool. | |||||
| CVE-2022-44008 | 1 Backclick | 1 Backclick | 2022-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly. | |||||
| CVE-2022-41840 | 1 Collne | 1 Welcart E-commerce | 2022-11-21 | N/A | 9.8 CRITICAL |
| Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress. | |||||
| CVE-2022-39261 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2022-11-21 | N/A | 7.5 HIGH |
| Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the `source` or `include` statement to read arbitrary files from outside the templates' directory when using a namespace like `@somewhere/../some.file`. In such a case, validation is bypassed. Versions 1.44.7, 2.15.3, and 3.4.3 contain a fix for validation of such template names. There are no known workarounds aside from upgrading. | |||||
| CVE-2022-44006 | 1 Backclick | 1 Backclick | 2022-11-20 | N/A | 9.8 CRITICAL |
| An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by uploading an executable file. | |||||
| CVE-2022-3976 | 1 Mz-automation | 1 Libiec61850 | 2022-11-18 | N/A | 8.8 HIGH |
| A vulnerability has been found in MZ Automation libiec61850 up to 1.4 and classified as critical. This vulnerability affects unknown code of the file src/mms/iso_mms/client/mms_client_files.c of the component MMS File Services. The manipulation of the argument filename leads to path traversal. Upgrading to version 1.5 is able to address this issue. The name of the patch is 10622ba36bb3910c151348f1569f039ecdd8786f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213556. | |||||
| CVE-2013-0895 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2022-11-18 | 7.5 HIGH | N/A |
| Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors. | |||||
| CVE-2022-42125 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-11-18 | N/A | 7.5 HIGH |
| Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module. | |||||
| CVE-2022-42123 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-11-18 | N/A | 7.5 HIGH |
| A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin. | |||||
| CVE-2022-45388 | 1 Jenkins | 1 Config Rotator | 2022-11-17 | N/A | 7.5 HIGH |
| Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing unauthenticated attackers to read arbitrary files with '.xml' extension on the Jenkins controller file system. | |||||