Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
file::path vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-37404
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Apache Hadoop
7.5
CVSSv3
CVE-2022-24241
ACEweb Online Portal 3.5.065 exists to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.
Aceware Aceweb Online Portal
7.5
CVSSv3
CVE-2022-24581
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Onlin...
Aceware Aceweb Online Portal
3.3
CVSSv3
CVE-2022-28784
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows malicious users to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.
Google Android 10.0
Google Android 11.0
Google Android 12.0
9.8
CVSSv3
CVE-2022-24883
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affect...
Freerdp Freerdp
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.8
CVSSv3
CVE-2022-24826
On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found in `PATH`, the `..exe` program will be executed, permitting the malicious user to execute arbitrary code. This does not affect Unix systems....
Git Large File Storage Project Git Large File Storage
8.8
CVSSv3
CVE-2022-24854
Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, ...
Metabase Metabase
5
CVSSv3
CVE-2022-25166
An issue exists in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an...
Amazon Aws Client Vpn 2.0.0
4.3
CVSSv3
CVE-2022-28147
A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and previous versions allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Jenkins Continuous Integration With Toad Edge
5.4
CVSSv3
CVE-2022-28159
Jenkins Tests Selector Plugin 1.3.3 and previous versions does not escape the Properties File Path option for Choosing Tests parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Jenkins Tests Selector
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »