Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46902 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination. | |||||
| CVE-2022-46900 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters. | |||||
| CVE-2022-46898 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. The filename provided is not properly sanitized and allows for the inclusion of a path-traversal payload that can be used to escape the intended Vocera restoration directory. An attacker could exploit this vulnerability to point to a crafted ZIP archive that contains SQL commands that could be executed against the database. | |||||
| CVE-2022-46835 | 1 Sailpoint | 1 Identityiq | 2024-11-21 | N/A | 8.8 HIGH |
| IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. | |||||
| CVE-2022-46826 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | N/A | 6.2 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability. | |||||
| CVE-2022-46309 | 1 Vitalsesp | 1 Vitals Esp | 2024-11-21 | N/A | 6.5 MEDIUM |
| Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files. | |||||
| CVE-2022-46306 | 1 Changingtec | 1 Servisign | 2024-11-21 | N/A | 8.8 HIGH |
| ChangingTec ServiSign component has a path traversal vulnerability due to insufficient filtering for special characters in the DLL file path. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers the component to load malicious DLL files under arbitrary file path and allows the attacker to perform arbitrary system operation and disrupt of service. | |||||
| CVE-2022-46305 | 1 Changingtec | 1 Servisign | 2024-11-21 | N/A | 6.5 MEDIUM |
| ChangingTec ServiSign component has a path traversal vulnerability. An unauthenticated LAN attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | |||||
| CVE-2022-46178 | 1 Metersphere | 1 Metersphere | 2024-11-21 | N/A | 7.4 HIGH |
| MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability has been fixed in v2.5.1. There are no workarounds. | |||||
| CVE-2022-46171 | 1 Tauri | 1 Tauri | 2024-11-21 | N/A | 6.8 MEDIUM |
| Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]` match file path literals and leading dots by default, which unintentionally exposes sub folder content of allowed paths. Scopes without the wildcards are not affected. As `**` allows for sub directories the behavior there is also as expected. The issue has been patched in the latest release and was backported into the currently supported 1.x branches. There are no known workarounds at the time of publication. | |||||
| CVE-2022-46154 | 1 Kodcloud | 1 Kodexplorer | 2024-11-21 | N/A | 8.6 HIGH |
| Kodexplorer is a chinese language web based file manager and browser based code editor. Versions prior to 4.50 did not prevent unauthenticated users from requesting arbitrary files from the host OS file system. As a result any files available to the host process may be accessed by arbitrary users. This issue has been addressed in version 4.50. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-45921 | 1 Fusionauth | 1 Fusionauth | 2024-11-21 | N/A | 7.5 HIGH |
| FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. To be specific, an attacker may be able to view or retrieve any file readable by the user running the FusionAuth process. | |||||
| CVE-2022-45852 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FormAssembly / Drew Buschhorn WP-FormAssembly allows Path Traversal.This issue affects WP-FormAssembly: from n/a through 2.0.5. | |||||
| CVE-2022-45833 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-11-21 | N/A | 6.8 MEDIUM |
| Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on WordPress. | |||||
| CVE-2022-45829 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-11-21 | N/A | 8.7 HIGH |
| Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 at WordPress. | |||||
| CVE-2022-45792 | 1 Omron | 1 Sysmac Studio | 2024-11-21 | N/A | 7.8 HIGH |
| Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. | |||||
| CVE-2022-45447 | 1 Prestashop | 1 M4 Pdf | 2024-11-21 | N/A | 6.5 MEDIUM |
| M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists. | |||||
| CVE-2022-45381 | 1 Jenkins | 1 Pipeline Utility Steps | 2024-11-21 | N/A | 8.1 HIGH |
| Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary files from the Jenkins controller file system. | |||||
| CVE-2022-45374 | 2024-11-21 | N/A | 7.7 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4. | |||||
| CVE-2022-45368 | 2024-11-21 | N/A | 7.7 HIGH | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Application: from n/a through 1.75. | |||||