• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-22

CVE-2022-29970

February 23, 2023 by godfreyd94

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

CVE-2022-29844

February 23, 2023 by godfreyd94

A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.

CVE-2022-29774

February 23, 2023 by godfreyd94

iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal.

CVE-2022-29799

February 23, 2023 by godfreyd94

A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory.

CVE-2022-29804

February 23, 2023 by godfreyd94

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

CVE-2022-29806

February 23, 2023 by godfreyd94

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 469
  • Go to page 470
  • Go to page 471
  • Go to page 472
  • Go to page 473
  • Interim pages omitted …
  • Go to page 514
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE