Total
7220 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29836 | 1 Westerndigital | 6 My Cloud Home, My Cloud Home Duo, My Cloud Home Duo Firmware and 3 more | 2024-11-21 | N/A | 1.9 LOW |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux. | |||||
| CVE-2022-29834 | 1 Iconics | 1 Genesis64 | 2024-11-21 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access to arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen. | |||||
| CVE-2022-29806 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. | |||||
| CVE-2022-29804 | 2 Golang, Microsoft | 2 Go, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. | |||||
| CVE-2022-29774 | 1 Ispyconnect | 1 Ispy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. | |||||
| CVE-2022-29597 | 1 Solutions-atlantic | 1 Regulatory Reporting System | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application. | |||||
| CVE-2022-29596 | 1 Microstrategy | 1 Enterprise Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal. | |||||
| CVE-2022-29580 | 1 Google | 1 Google Search | 2024-11-21 | N/A | 8.9 HIGH |
| There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41 | |||||
| CVE-2022-29517 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | N/A | 9.9 CRITICAL |
| A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-29511 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | N/A | 6.5 MEDIUM |
| A directory traversal vulnerability exists in the KnowledgebasePageActions.aspx ImportArticles functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-29509 | 1 Tandd | 3 T\&d Server, Thermo Recorder Data Server, Thermo Recorder Data Server Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors. | |||||
| CVE-2022-29474 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2022-29332 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server. | |||||
| CVE-2022-29298 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. | |||||
| CVE-2022-29281 | 1 Notable | 1 Notable | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths). | |||||
| CVE-2022-29253 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".." in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue. | |||||
| CVE-2022-29097 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. | |||||
| CVE-2022-29094 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. | |||||
| CVE-2022-29093 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. | |||||
| CVE-2022-29062 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 6.3 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. | |||||