Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34026 | 1 Icecoder | 1 Icecoder | 2022-09-23 | N/A | 7.5 HIGH |
| ICEcoder v8.1 allows attackers to execute a directory traversal. | |||||
| CVE-2022-40444 | 1 Zzcms | 1 Zzcms | 2022-09-23 | N/A | 5.3 MEDIUM |
| ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. | |||||
| CVE-2022-40443 | 1 Zzcms | 1 Zzcms | 2022-09-23 | N/A | 5.3 MEDIUM |
| An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. | |||||
| CVE-2022-39221 | 2 Mcwebserver Minecraft Mod For Fabric And Quilt Project, Mcwebserver Minecraft Mod For Forge Project | 2 Mcwebserver Minecraft Mod For Fabric And Quilt, Mcwebserver Minecraft Mod For Forge | 2022-09-23 | N/A | 7.5 HIGH |
| McWebserver mod runs a simple HTTP server alongside the Minecraft server in seperate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program, to be read by anyone via HTTP request. Version 0.2.0 with patches are released to both platforms (Fabric and Quilt, Forge). As a workaround, the McWebserver mod can be disabled by removing the file from the `mods` directory. | |||||
| CVE-2022-28981 | 1 Liferay | 1 Liferay Portal | 2022-09-23 | N/A | 7.5 HIGH |
| Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter. | |||||
| CVE-2022-29799 | 1 Microsoft | 1 Windows Defender For Endpoint | 2022-09-23 | N/A | 5.5 MEDIUM |
| A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory. | |||||
| CVE-2022-2265 | 1 Identity And Directory Management System Project | 1 Identity And Directory Management System | 2022-09-23 | N/A | 7.5 HIGH |
| The Identity and Directory Management System developed by Çekino Bilgi Teknolojileri before version 2.1.25 has an unauthenticated Path traversal vulnerability. This has been fixed in the version 2.1.25 | |||||
| CVE-2022-41231 | 1 Jenkins | 1 Build-publisher | 2022-09-22 | N/A | 5.7 MEDIUM |
| Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint. | |||||
| CVE-2022-23767 | 2 Hanssak, Microsoft | 3 Securegate, Weblink, Windows | 2022-09-22 | N/A | 9.8 CRITICAL |
| This vulnerability of SecureGate is SQL-Injection using login without password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim’s system. | |||||
| CVE-2022-37700 | 1 Easycorp | 1 Zentao | 2022-09-21 | N/A | 7.5 HIGH |
| Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig. | |||||
| CVE-2022-40608 | 1 Ibm | 1 Spectrum Protect Plus | 2022-09-21 | N/A | 7.5 HIGH |
| IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873. | |||||
| CVE-2022-40713 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||||
| CVE-2022-40715 | 1 Nokia | 1 1350 Optical Management System | 2022-09-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | |||||
| CVE-2022-39210 | 1 Nextcloud | 1 Nextcloud | 2022-09-21 | N/A | 5.5 MEDIUM |
| Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue. | |||||
| CVE-2022-39001 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-09-21 | N/A | 7.5 HIGH |
| The number identification module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause data disclosure. | |||||
| CVE-2020-5410 | 1 Vmware | 1 Spring Cloud Config | 2022-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | |||||
| CVE-2020-8195 | 1 Citrix | 12 4000-wo, 4100-wo, 5000-wo and 9 more | 2022-09-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. | |||||
| CVE-2020-3452 | 1 Cisco | 14 Adaptive Security Appliance, Asa 5505, Asa 5510 and 11 more | 2022-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. | |||||
| CVE-2022-34002 | 1 Pdssoftware | 1 Pds Vista 7 | 2022-09-19 | N/A | 6.5 MEDIUM |
| The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application. | |||||
| CVE-2022-1798 | 1 Kubevirt | 1 Kubevirt | 2022-09-19 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible. | |||||