Total
7645 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20718 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 5.5 Medium |
| Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20677 | 1 Cisco | 62 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1101 Integrated Services Router and 59 more | 2024-11-21 | 5.5 Medium |
| Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20395 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221855295 | ||||
| CVE-2022-20220 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-219015884 | ||||
| CVE-2022-20101 | 2 Google, Mediatek | 45 Android, Mt6580, Mt6739 and 42 more | 2024-11-21 | 5.5 Medium |
| In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870. | ||||
| CVE-2022-1993 | 1 Gogs | 1 Gogs | 2024-11-21 | 8.1 High |
| Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | ||||
| CVE-2022-1992 | 2 Gogs, Microsoft | 2 Gogs, Windows | 2024-11-21 | 9.1 Critical |
| Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | ||||
| CVE-2022-1953 | 1 Product Configurator For Woocommerce Project | 1 Product Configurator For Woocommerce | 2024-11-21 | 9.1 Critical |
| The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first | ||||
| CVE-2022-1850 | 1 Filegator | 1 Filegator | 2024-11-21 | 8.1 High |
| Path Traversal in GitHub repository filegator/filegator prior to 7.8.0. | ||||
| CVE-2022-1721 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. | ||||
| CVE-2022-1664 | 2 Debian, Netapp | 3 Debian Linux, Dpkg, Ontap Select Deploy Administration Utility | 2024-11-21 | 9.8 Critical |
| Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | ||||
| CVE-2022-1648 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.7 Medium |
| Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege. | ||||
| CVE-2022-1560 | 1 Amministrazione Aperta Project | 1 Amministrazione Aperta | 2024-11-21 | 6.5 Medium |
| The Amministrazione Aperta WordPress plugin before 3.8 does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected code is not reached. The issue can be exploited via the dashboard when logged in as an admin, or by making a logged in admin open a malicious link | ||||
| CVE-2022-1554 | 1 Clinical-genomics | 1 Scout | 2024-11-21 | 7.5 High |
| Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. | ||||
| CVE-2022-1392 | 1 Commoninja | 1 Videos Sync Pdf | 2024-11-21 | 7.5 High |
| The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues | ||||
| CVE-2022-1391 | 1 Kanev | 1 Cab Fare Calculator | 2024-11-21 | 9.8 Critical |
| The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. | ||||
| CVE-2022-1390 | 1 Admin Word Count Column Project | 1 Admin Word Count Column | 2024-11-21 | 9.8 Critical |
| The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running old version of PHP susceptible to the null byte technique. This could also lead to RCE by using a Phar Deserialization technique | ||||
| CVE-2022-1166 | 1 Nootheme | 1 Jobmonster | 2024-11-21 | 5.3 Medium |
| The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen. | ||||
| CVE-2022-1128 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2022-1119 | 1 Simplefilelist | 1 Simple-file-list | 2024-11-21 | 7.5 High |
| The Simple File List WordPress plugin is vulnerable to Arbitrary File Download via theĀ eeFile parameter foundĀ in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded, in versions up to and including 3.2.7. | ||||