Total
7224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38451 | 2 Freshtomato, Siretta | 3 Freshtomato, Quartz-gold, Quartz-gold Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-38424 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 7.2 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. | |||||
| CVE-2022-38423 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 4.9 MEDIUM |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges. | |||||
| CVE-2022-38422 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 7.5 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-38421 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 7.2 HIGH |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. | |||||
| CVE-2022-38418 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A | 9.8 CRITICAL |
| Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-38301 | 1 Onedev Project | 1 Onedev | 2024-11-21 | N/A | 8.8 HIGH |
| Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. | |||||
| CVE-2022-38258 | 1 Dlink | 2 Dir-819, Dir-819 Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request. | |||||
| CVE-2022-38205 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | N/A | 8.6 HIGH |
| In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). | |||||
| CVE-2022-38202 | 1 Esri | 1 Arcgis Server | 2024-11-21 | N/A | 7.5 HIGH |
| There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information (not user datasets). | |||||
| CVE-2022-38196 | 1 Esri | 1 Arcgis Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated attacker to overwrite internal ArcGIS Server directory. | |||||
| CVE-2022-38129 | 1 Keysight | 1 Sensor Management Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host. | |||||
| CVE-2022-38120 | 1 Upspowercom | 1 Upsmon Pro | 2024-11-21 | N/A | 6.5 MEDIUM |
| UPSMON PRO’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files. | |||||
| CVE-2022-38088 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-37703 | 1 Amanda | 1 Amanda | 2024-11-21 | N/A | 3.3 LOW |
| In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path. | |||||
| CVE-2022-37700 | 1 Easycorp | 1 Zentao | 2024-11-21 | N/A | 7.5 HIGH |
| Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig. | |||||
| CVE-2022-37681 | 1 Hitachi | 2 Hc-ip9100hd, Hc-ip9100hd Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue. | |||||
| CVE-2022-37423 | 1 Neo4j | 1 Awesome Procedures On Cypher | 2024-11-21 | N/A | 7.5 HIGH |
| Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream. | |||||
| CVE-2022-37422 | 1 Payara | 1 Payara | 2024-11-21 | N/A | 7.5 HIGH |
| Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded. | |||||
| CVE-2022-37299 | 1 Shirne Cms Project | 1 Shirne Cms | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php | |||||