Total
402 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20183 | 1 Cisco | 1 Dna Center | 2024-11-21 | 5.4 Medium |
| Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-37424 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2024-11-21 | 6.5 Medium |
| Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. | ||||
| CVE-2022-36552 | 1 Tendacn | 2 Ac6, Ac6 Firmware | 2024-11-21 | 7.5 High |
| Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request. | ||||
| CVE-2022-36306 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2024-11-21 | 6.5 Medium |
| An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models. | ||||
| CVE-2022-34049 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2024-11-21 | 5.3 Medium |
| An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data. | ||||
| CVE-2022-33686 | 1 Google | 1 Android | 2024-11-21 | 2.3 Low |
| Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | ||||
| CVE-2022-33158 | 2 Microsoft, Trendmicro | 2 Windows, Vpn Proxy One Pro | 2024-11-21 | 7.8 High |
| Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. | ||||
| CVE-2022-32143 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-11-21 | 8.8 High |
| In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required | ||||
| CVE-2022-30952 | 2 Jenkins, Redhat | 3 Blue Ocean, Ocp Tools, Openshift | 2024-11-21 | 6.5 Medium |
| Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | ||||
| CVE-2022-30945 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 8.5 High |
| Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. | ||||
| CVE-2022-30428 | 1 Ginadmin Project | 1 Ginadmin | 2024-11-21 | 7.5 High |
| In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. | ||||
| CVE-2022-2981 | 1 Wpchill | 1 Download Monitor | 2024-11-21 | 4.9 Medium |
| The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | ||||
| CVE-2022-2392 | 1 Lana | 1 Lana Downloads Manager | 2024-11-21 | 6.5 Medium |
| The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher. | ||||
| CVE-2022-2357 | 1 Wsm Downloader Project | 1 Wsm Downloader | 2024-11-21 | 7.5 High |
| The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php. | ||||
| CVE-2022-2222 | 1 Wpchill | 1 Download Monitor | 2024-11-21 | 4.9 Medium |
| The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | ||||
| CVE-2022-29720 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. | ||||
| CVE-2022-29302 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-11-21 | 5.5 Medium |
| SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. | ||||
| CVE-2022-28462 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 7.5 High |
| novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. | ||||
| CVE-2022-28445 | 1 Kitesky | 1 Kitecms | 2024-11-21 | 6.5 Medium |
| KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module. | ||||
| CVE-2022-28002 | 1 Movie Seat Reservation Project | 1 Movie Seat Reservation | 2024-11-21 | 7.5 High |
| Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. | ||||