Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27615 | 1 Synology | 1 Dns Server | 2022-08-03 | N/A | 8.1 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2022-22685 | 1 Synology | 1 Webdav Server | 2022-08-03 | N/A | 8.1 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2022-27611 | 1 Synology | 1 Audio Station | 2022-08-03 | N/A | 8.1 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2022-36894 | 1 Jenkins | 1 Clif Performance Testing | 2022-08-03 | N/A | 6.5 MEDIUM |
| An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | |||||
| CVE-2022-36889 | 1 Jenkins | 1 Deployer Framework | 2022-08-03 | N/A | 8.8 HIGH |
| Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service. | |||||
| CVE-2022-36890 | 1 Jenkins | 1 Deployer Framework | 2022-08-03 | N/A | 4.3 MEDIUM |
| Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the name of files in methods implementing form validation, allowing attackers with Item/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
| CVE-2022-34551 | 1 Sims Project | 1 Sims | 2022-08-03 | N/A | 6.5 MEDIUM |
| Sims v1.0 was discovered to allow path traversal when downloading attachments. | |||||
| CVE-2019-16776 | 5 Fedoraproject, Npmjs, Opensuse and 2 more | 6 Fedora, Npm, Leap and 3 more | 2022-08-02 | 5.5 MEDIUM | 8.1 HIGH |
| Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gain access to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | |||||
| CVE-2022-27610 | 1 Synology | 1 Diskstation Manager | 2022-08-02 | N/A | 8.1 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||
| CVE-2022-1648 | 1 Pandorafms | 1 Pandora Fms | 2022-08-02 | N/A | 7.2 HIGH |
| Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege. | |||||
| CVE-2020-7649 | 1 Snyk | 1 Broker | 2022-08-01 | N/A | 4.9 MEDIUM |
| This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. | |||||
| CVE-2020-29134 | 1 Totvs | 1 Fluig | 2022-07-29 | 7.8 HIGH | 8.6 HIGH |
| The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4 | |||||
| CVE-2020-11455 | 1 Limesurvey | 1 Limesurvey | 2022-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | |||||
| CVE-2022-2030 | 1 Zyxel | 50 Atp100, Atp100 Firmware, Atp100w and 47 more | 2022-07-29 | N/A | 6.5 MEDIUM |
| A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device. | |||||
| CVE-2022-2139 | 1 Advantech | 1 Iview | 2022-07-28 | N/A | 9.8 CRITICAL |
| The affected product is vulnerable to directory traversal, which may allow an attacker to access unauthorized files and execute arbitrary code. | |||||
| CVE-2022-0902 | 1 Abb | 14 Rmc-100, Rmc-100-lite, Rmc-100-lite Firmware and 11 more | 2022-07-28 | N/A | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB ( RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5 , XRCG5 , uFLOG5 , UDC) allows an attacker who successfully exploited this vulnerability could insert and run arbitrary code in an affected system node. | |||||
| CVE-2022-34762 | 1 Schneider-electric | 4 Opc Ua Module For M580, Opc Ua Module For M580 Firmware, X80 Advanced Rtu Module and 1 more | 2022-07-27 | N/A | 7.5 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V2.01 and later), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior) | |||||
| CVE-2022-24659 | 1 Goldshell | 1 Goldshell Miner Firmware | 2022-07-27 | N/A | 7.5 HIGH |
| Goldshell ASIC Miners v2.2.1 and below was discovered to contain a path traversal vulnerability which allows unauthenticated attackers to retrieve arbitrary files from the device. | |||||
| CVE-2022-1264 | 1 Inductiveautomation | 1 Ignition | 2022-07-27 | N/A | 8.8 HIGH |
| The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code. | |||||
| CVE-2022-29834 | 1 Iconics | 1 Genesis64 | 2022-07-27 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen. | |||||