Vulnerabilities (CVE)

Filtered by CWE-22
Total 4376 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2119 2022-06-24 N/A N/A
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.
CVE-2022-1518 2022-06-24 N/A N/A
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure.
CVE-2022-34179 2022-06-23 N/A N/A
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system.
CVE-2022-34170 2022-06-23 N/A N/A
In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2022-34173 2022-06-23 N/A N/A
In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2022-34172 2022-06-23 N/A N/A
In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.
CVE-2022-34171 2022-06-23 N/A N/A
In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability.
CVE-2021-33036 1 Apache 1 Hadoop 2022-06-23 9.0 HIGH 8.8 HIGH
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
CVE-2018-1271 2 Oracle, Vmware 28 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 25 more 2022-06-23 4.3 MEDIUM 5.9 MEDIUM
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
CVE-2021-3907 2 Cloudflare, Debian 2 Octorpki, Debian Linux 2022-06-23 7.5 HIGH 9.8 CRITICAL
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.
CVE-2022-27657 1 Sap 1 Focused Run 2022-06-21 4.0 MEDIUM 2.7 LOW
A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.
CVE-2022-1657 1 Artbees 2 Jupiter, Jupiterx 2022-06-21 6.5 MEDIUM 8.8 HIGH
Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the lib/admin/control-panel/control-panel.php file calls the load_control_panel_pane function. It is possible to use this action to include any local PHP file via the slug parameter. The Jupiter theme has a nearly identical vulnerability which can be exploited via the mka_cp_load_pane_action AJAX action present in the framework/admin/control-panel/logic/functions.php file, which calls the mka_cp_load_pane_action function.
CVE-2022-31062 2022-06-21 N/A N/A
### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.
CVE-2022-26041 1 Generex 1 Rccmd 2022-06-17 5.5 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors.
CVE-2022-24278 1 Convert-svg Project 1 Convert-svg 2022-06-17 7.5 HIGH 9.8 CRITICAL
The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.
CVE-2022-29093 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2022-06-17 3.6 LOW 7.1 HIGH
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system.
CVE-2022-29094 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2022-06-17 3.6 LOW 7.1 HIGH
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system.
CVE-2022-24840 1 Django-s3file Project 1 Django-s3file 2022-06-17 7.5 HIGH 9.8 CRITICAL
django-s3file is a lightweight file upload input for Django and Amazon S3 . In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, prior to the release of the patch. The vulnerability has been fixed in version 5.5.1 and above. There is no feasible workaround. We must urge all users to immediately updated to a patched version.
CVE-2021-42811 1 Thalesgroup 1 Safenet Keysecure 2022-06-17 4.0 MEDIUM 6.5 MEDIUM
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed.
CVE-2022-31483 2 Carrier, Hidglobal 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more 2022-06-17 9.0 HIGH 8.8 HIGH
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges.