Total: 4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31539 | 1 Kotekan Project | 1 Kotekan | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31537 | 1 Solar-system-simulator Project | 1 Solar-system-simulator | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-32275 | 1 Grafana | 1 Grafana | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. | |||||
| CVE-2022-31535 | 1 Fishtank Project | 1 Fishtank | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31536 | 1 Ytdl-sync Project | 1 Ytdl-sync | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31534 | 1 Pythonweb Project | 1 Pythonweb | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31533 | 1 Umbral Project | 1 Umbral | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31559 | 1 Flask-yeoman Project | 1 Flask-yeoman | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31560 | 1 Photo Tag Project | 1 Photo Tag | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31562 | 1 Internshipsystem Project | 1 Internshipsystem | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31561 | 1 Sphere Imagebackend Project | 1 Sphere Imagebackend | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31564 | 1 Munhak | 1 Munhak-moa | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31563 | 1 Vprj Project | 1 Vprj | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31566 | 1 Data Stream Algorithm Benchmark Project | 1 Data Stream Algorithm Benchmark | 2022-07-15 | 5.0 MEDIUM | 8.6 HIGH |
| The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31565 | 1 Syrabond Project | 1 Syrabond | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31502 | 1 Wormnest Project | 1 Wormnest | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31501 | 1 Onyxforum Project | 1 Onyxforum | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31506 | 1 Cmu | 1 Opendiamond | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31505 | 1 Mercadoenlineaback Project | 1 Mercadoenlineaback | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31504 | 1 Baiduwenkuspider Flaskweb Project | 1 Baiduwenkuspider Flaskweb | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31503 | 1 Orchest | 1 Orchest | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31509 | 1 Iedadata | 1 Usap-dc Web Submission And Dataset Search | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31508 | 1 Idayrus | 1 E-voting | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31510 | 1 Simple-rat Project | 1 Simple-rat | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31507 | 1 Ganga Project | 1 Ganga | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31514 | 1 Fan Platform Project | 1 Fan Platform | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31512 | 1 Flask-mvc Project | 1 Flask-mvc | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31513 | 1 Krypton Project | 1 Krypton | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31511 | 1 Equanimity Project | 1 Equanimity | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31516 | 1 Harveyzyh Python Project | 1 Harveyzyh Python | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31517 | 1 Mercury Sample Manager Project | 1 Mercury Sample Manager | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31515 | 1 Carceresbe Project | 1 Carceresbe | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31520 | 1 Logstash-management-api Project | 1 Logstash-management-api | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31519 | 1 Windmill Project | 1 Windmill | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31518 | 1 Python-recipe-database Project | 1 Python-recipe-database | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31523 | 1 Paddlepaddle | 1 Anakin | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31522 | 1 Karaokey Project | 1 Karaokey | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31521 | 1 Mosaic Project | 1 Mosaic | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31526 | 1 Thunderatz | 1 Thunderdocs | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31525 | 1 Deep Learning Studio Project | 1 Deep Learning Studio | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31524 | 1 Purestorage | 1 Pure Swagger | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31529 | 1 Monorepo Project | 1 Monorepo | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31528 | 1 Bonn Activity Maps Annotation Tool Project | 1 Bonn Activity Maps Annotation Tool | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31527 | 1 Flask-file-server Project | 1 Flask-file-server | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-20862 | 1 Cisco | 1 Unified Communications Manager | 2022-07-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system. | |||||
| CVE-2021-20023 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2022-07-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. | |||||
| CVE-2022-20812 | 1 Cisco | 2 Expressway, Telepresence Video Communication Server | 2022-07-14 | 8.5 HIGH | 6.5 MEDIUM |
| Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20791 | 1 Cisco | 2 Unified Communications Manager, Unified Communications Manager Im And Presence Service | 2022-07-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability. | |||||
| CVE-2022-25046 | 1 Control-webpanel | 1 Webpanel | 2022-07-14 | 10.0 HIGH | 9.8 CRITICAL |
| A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. | |||||
| CVE-2022-31836 | 1 Beego | 1 Beego | 2022-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values, which can lead to cross directory risk. | |||||
