Vulnerabilities > Files or Directories Accessible to External Parties

DATE CVE VULNERABILITY TITLE RISK
2022-10-10 CVE-2022-2981 Files or Directories Accessible to External Parties vulnerability in Wpchill Download Monitor
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high-privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup.
network
low complexity
wpchill CWE-552
4.9
2022-09-29 CVE-2022-40126 Files or Directories Accessible to External Parties vulnerability in Clash Project Clash 0.19.9
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.
local
low complexity
clash-project CWE-552
7.8
2022-09-28 CVE-2022-3287 Files or Directories Accessible to External Parties vulnerability in Fwupd
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
network
low complexity
fwupd CWE-552
6.5
2022-09-25 CVE-2022-41343 Files or Directories Accessible to External Parties vulnerability in Dompdf Project Dompdf
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
network
low complexity
dompdf-project CWE-552
7.5
2022-09-13 CVE-2022-39208 Files or Directories Accessible to External Parties vulnerability in Onedev Project Onedev
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban.
network
low complexity
onedev-project CWE-552
7.5
2022-08-30 CVE-2022-36552 Files or Directories Accessible to External Parties vulnerability in Tendacn AC6 Firmware
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.
network
low complexity
tendacn CWE-552
7.5
2022-08-29 CVE-2022-1117 Files or Directories Accessible to External Parties vulnerability in Fapolicyd Project Fapolicyd
A vulnerability was found in fapolicyd.
local
low complexity
fapolicyd-project CWE-552
8.4
2022-08-25 CVE-2021-4112 Files or Directories Accessible to External Parties vulnerability in Redhat products
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape.
local
low complexity
redhat CWE-552
8.8
2022-08-23 CVE-2021-3995 Files or Directories Accessible to External Parties vulnerability in multiple products
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem.
local
low complexity
kernel fedoraproject CWE-552
5.5
2022-08-23 CVE-2021-3996 Files or Directories Accessible to External Parties vulnerability in multiple products
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem.
local
low complexity
kernel fedoraproject CWE-552
5.5