Total: 4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31163 | | | 2022-07-22 | N/A | N/A |
| TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source, time zones are defined in Ruby files. There is one file per time zone. Time zone files are loaded with `require` on demand. In the affected versions, `TZInfo::Timezone.get` fails to validate time zone identifiers correctly, allowing a new line character within the identifier. With Ruby version 1.9.3 and later, `TZInfo::Timezone.get` can be made to load unintended files with `require`, executing them within the Ruby process. Versions 0.3.61 and 1.2.10 include fixes to correctly validate time zone identifiers. Versions 2.0.0 and later are not vulnerable. Version 0.3.61 can still load arbitrary files from the Ruby load path if their name follows the rules for a valid time zone identifier and the file has a prefix of `tzinfo/definition` within a directory in the load path. Applications should ensure that untrusted files are not placed in a directory on the load path. As a workaround, the time zone identifier can be validated before passing to `TZInfo::Timezone.get` by ensuring it matches the regular expression `\A[A-Za-z0-9+\-_]+(?:\/[A-Za-z0-9+\-_]+)*\z`. | |||||
| CVE-2022-31202 | 1 Monitoringsoft | 1 Softguard Web | 2022-07-21 | N/A | 6.5 MEDIUM |
| The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl. | |||||
| CVE-2021-21909 | 1 Garrett | 2 Ic Module, Ic Module Firmware | 2022-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt\|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability. | |||||
| CVE-2021-21908 | 1 Garrett | 2 Ic Module, Ic Module Firmware | 2022-07-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Specially-crafted command line arguments can lead to arbitrary file deletion. The handle_delete function does not attempt to sanitize or otherwise validate the contents of the [file] parameter (passed to the function as argv[1]), allowing an authenticated attacker to supply directory traversal primitives and delete semi-arbitrary files. | |||||
| CVE-2022-35410 | 2 0xacab, Debian | 2 Mat2, Debian Linux | 2022-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive. | |||||
| CVE-2022-35861 | 1 Pyenv Project | 1 Pyenv | 2022-07-18 | 4.6 MEDIUM | 7.8 HIGH |
| pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.) | |||||
| CVE-2022-31558 | 1 Shiva-server Project | 1 Shiva-server | 2022-07-16 | 6.4 MEDIUM | 9.3 CRITICAL |
| The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31557 | 1 Golem Project | 1 Golem | 2022-07-16 | 6.4 MEDIUM | 9.3 CRITICAL |
| The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31532 | 1 Travel Blahg Project | 1 Travel Blahg | 2022-07-16 | 6.4 MEDIUM | 9.3 CRITICAL |
| The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31530 | 1 Csm Server Project | 1 Csm Server | 2022-07-16 | 6.4 MEDIUM | 9.3 CRITICAL |
| The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31531 | 1 Dainst | 1 Cilantro | 2022-07-16 | 6.4 MEDIUM | 9.3 CRITICAL |
| The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31588 | 1 Testplatform Project | 1 Testplatform | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31567 | 1 Data Stream Algorithm Benchmark Project | 1 Data Stream Algorithm Benchmark | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31544 | 1 Xtomo | 1 Robo-tom | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31587 | 1 Kg-fashion-chatbot Project | 1 Kg-fashion-chatbot | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31586 | 1 Changepop-back Project | 1 Changepop-back | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31585 | 1 Home Internet Project | 1 Home Internet | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31583 | 1 Automatedquizeval Project | 1 Automatedquizeval | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31582 | 1 Videoserver Project | 1 Videoserver | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31584 | 1 S3label Project | 1 S3label | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31581 | 1 Scorelab | 1 Openmf | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31579 | 1 Iasset Project | 1 Iasset | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31578 | 1 Bt Lnmp Project | 1 Bt Lnmp | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31577 | 1 Audio Aligner App Project | 1 Audio Aligner App | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31576 | 1 Shackerpanel Project | 1 Shackerpanel | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31580 | 1 Caretakerr-api Project | 1 Caretakerr-api | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31575 | 1 Livro Python Project | 1 Livro Python | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31573 | 1 Chainer | 1 Chainerrl-visualizer | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31574 | 1 Realestate Project | 1 Realestate | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31572 | 1 Cockybook Project | 1 Cockybook | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31571 | 1 Python-flask-restful-api Project | 1 Python-flask-restful-api | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31570 | 1 Ceneo-web-scrapper Project | 1 Ceneo-web-scrapper | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31568 | 1 Rexians | 1 Rex-web | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31556 | 1 Trainenergyserver Project | 1 Trainenergyserver | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31555 | 1 Nurse Quest Project | 1 Nurse Quest | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31554 | 1 Movie-review-sentiment-analysis Project | 1 Movie-review-sentiment-analysis | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31551 | 1 Flask-mongo-skel Project | 1 Flask-mongo-skel | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31553 | 1 Sleep Learner Project | 1 Sleep Learner | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31552 | 1 Anuvaad-corpus Project | 1 Anuvaad-corpus | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31550 | 1 Python Athena Stack Project | 1 Python Athena Stack | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31549 | 1 Helm-flask-celery Project | 1 Helm-flask-celery | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31548 | 1 Homepage Project | 1 Homepage | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31547 | 1 Sphere Project | 1 Sphere | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31546 | 1 Glance Project | 1 Glance | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31545 | 1 Modelconverter Project | 1 Modelconverter | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31542 | 1 Mdweb Project | 1 Mdweb | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31543 | 1 Setupbox Project | 1 Setupbox | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31541 | 1 Barry Voice Assistant Project | 1 Barry Voice Assistant | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31540 | 1 Hin-eng-preprocessing Project | 1 Hin-eng-preprocessing | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31538 | 1 Mp-m08-interface Project | 1 Mp-m08-interface | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
