Lucene search
+L

13 matches found

nessus
nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-48285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. CVE-2022-48285 Note that Nessus relies on the presence of the package as...

7.3CVSS6.7AI score0.01411EPSS
Exploits0References3
ibm
ibm
added 2024/11/22 3:54 a.m.20 views

Security Bulletin: IBM SPSS Analytic Server has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2022-48285)

Summary IBM SPSS Analytic Server has addressed multiple security vulnerabilities CVE-2022-48285, CVE-2022-48285 Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files...

7.3CVSS7.6AI score0.01411EPSS
Exploits0Affected Software1
ibm
ibm
added 2024/09/12 9:26 a.m.36 views

Security Bulletin: Potential Directory Traversal Vulnerability in Apache Ant shipped with IBM Operations Analytics - Log Analysis (CVE-2022-48285)

Summary There is a potential directory traversal vulnerability via a crafted zip in Apache Ant Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with...

7.3CVSS7.5AI score0.01411EPSS
Exploits0Affected Software1
cbl_mariner
cbl_mariner
added 2023/07/28 11:16 p.m.16 views

CVE-2022-48285 affecting package mozjs60 60.9.0-11

CVE-2022-48285 affecting package mozjs60 60.9.0-11. A patched version of the package is available...

7.3CVSS7.5AI score0.01411EPSS
Exploits0
nessus
nessus
added 2023/07/26 12:0 a.m.45 views

Oracle Primavera Unifier (Jul 2023 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Security-in-Depth issue in the Primavera Unifier product of Oracle Construction and Engineering component: User Interface JSZip. This vulnerabilit...

7.5CVSS6.9AI score0.46836EPSS
Exploits2References5
nessus
nessus
added 2023/07/19 12:0 a.m.61 views

Oracle Primavera Gateway (Jul 2023 CPU)

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Apache Commons Net. Supported versions that...

7.5CVSS6.5AI score0.01858EPSS
Exploits1References6
ibm
ibm
added 2023/05/31 11:41 p.m.38 views

Security Bulletin: There is a vulnerability in JSZip used by IBM Maximo Asset Management (CVE-2022-48285)

Summary There is a vulnerability in JSZip used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with loadAsync, which...

7.3CVSS7.6AI score0.01411EPSS
Exploits0Affected Software11
ibm
ibm
added 2023/04/24 2:16 p.m.24 views

Security Bulletin: JSZip publicly disclosed vulnerability affects IBM Safer Payments (CVE-2022-48285)

Summary JSZip is used by IBM Safer Payments as part of the user interface. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when fil...

7.3CVSS7.6AI score0.01411EPSS
Exploits0Affected Software1
vulnersosv
vulnersosv
added 2023/01/29 6:30 a.m.4 views

-temp-electron-manager-somiibo (=0.0.200), 003-gas-convert (=1.0.1) +20893 more potentially affected by CVE-2022-48285 via jszip (>=0.2.1 <=3.7.1)

jszip NPM version =0.2.1, =0.2.13, =1.0.0, =4.3.4, =1.0.0, =1.0.4 - 3llm =0.0.1 - 3vot-clay =2.0.1 - 4xx =0.0.1 - 5-ifc-check-cli =1.0.0 and more Source cves: CVE-2022-48285 Source advisory: OSV:GHSA-36FH-84J7-CV5H...

7.3CVSS6.7AI score0.01411EPSS
Exploits0
osv
osv
added 2023/01/29 5:15 a.m.9 views

AZL-57076 CVE-2022-48285 affecting package beust-jcommander 2.0-1

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7.2AI score0.01411EPSS
Exploits0References1
osv
osv
added 2023/01/29 5:15 a.m.4 views

UBUNTU-CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7.2AI score0.01411EPSS
Exploits0References6
cvelist
cvelist
added 2023/01/29 12:0 a.m.29 views

CVE-2022-48285

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.2AI score0.01411EPSS
Exploits0References5
cve
cve
added 2023/01/29 12:0 a.m.236 views

CVE-2022-48285

CVE-2022-48285 affects JSZip: the loadAsync function in JSZip before 3.8.0 can be exploited to perform a directory traversal via crafted ZIP archives, enabling access to files outside the target directory. Remediation: upgrade to JSZip 3.8.0 or later, which fixes the issue.

7.3CVSS6.8AI score0.01411EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder