CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,168 vulnerabilities with CWE-22
CVE-2023-40498 CRITICAL
LG Simple Editor - Unauthenticated Remote Code Execution via Path Traversal in cp Command
CVSS 9.8
CVE-2023-40497 CRITICAL
LG Simple Editor - Unauthenticated Path Traversal and Remote Code Execution via saveXml Command
CVSS 9.8
CVE-2023-40496 HIGH
LG Simple Editor - Unauthenticated Path Traversal and Information Disclosure via copyStickerContent Command
CVSS 7.5
CVE-2023-40495 HIGH
LG Simple Editor - Unauthenticated Path Traversal and Information Disclosure via copyTemplateAll Method
CVSS 7.5
CVE-2023-40494 CRITICAL
LG Simple Editor - Unauthenticated Arbitrary File Deletion via deleteFolder Path Traversal
CVSS 9.1
CVE-2023-40493 CRITICAL
LG Simple Editor - Unauthenticated Path Traversal and Remote Code Execution via copySessionFolder Command
CVSS 9.8
CVE-2023-40492 CRITICAL
LG Simple Editor - Unauthenticated Path Traversal and Arbitrary File Deletion via deleteCheckSession
CVSS 9.1
CVE-2023-39506 HIGH
PDF-XChange Editor - Remote Code Execution via createDataObject Directory Traversal
CVSS 7.8
CVE-2023-39460 HIGH
Triangle MicroWorks SCADA Data Gateway - Path Traversal and Arbitrary File Creation via Event Log
CVSS 7.2
CVE-2023-39459 HIGH
Triangle MicroWorks SCADA Data Gateway - Path Traversal and Arbitrary File Creation via Workspace File Processing
CVSS 7.8
CVE-2023-34298 HIGH
Ivanti Pulse Secure Desktop Client < 9.1 - Local Privilege Escalation via SetupService Path Traversal
CVSS 7.8
CVE-2023-32177 HIGH
VIPRE Antivirus < 12.0.1.203 - Local Privilege Escalation via DeleteHistoryFile Directory Traversal
CVSS 7.8
CVE-2023-32176 HIGH
VIPRE Antivirus Plus < 12.0.1.203 - Local Privilege Escalation via SetPrivateConfig Path Traversal
CVSS 7.8
CVE-2023-32167 MEDIUM
D-Link D-View 8 < 2.0.1.89 - Authenticated Path Traversal and Arbitrary File Creation/Deletion via uploadMib
CVSS 6.5
CVE-2023-32166 HIGH
D-Link D-View 8 < 2.0.1.27 - Authenticated Path Traversal and Arbitrary File Creation via uploadFile Function
CVSS 8.1
CVE-2023-32165 CRITICAL
D-Link D-View 8 < 2.0.1.27 - Unauthenticated Remote Code Execution via TftpReceiveFileHandler Path Traversal
CVSS 9.8
CVE-2023-32164 HIGH
D-Link D-View 8 < 2.0.1.27 - Unauthenticated Path Traversal in TftpSendFileThread
CVSS 7.5
CVE-2023-32137 MEDIUM
D-Link DAP-1360 and DAP-2020 Firmware - Unauthenticated Path Traversal via webproc WEB_DisplayPage
CVSS 6.5
CVE-2023-27326 HIGH
Parallels Desktop < 18.1.1 (53328) - Local Privilege Escalation via Toolgate Directory Traversal
CVSS 8.2
CVE-2023-45385 HIGH
ProQuality pqprintshippinglabels < 4.15.0 - Path Traversal
CVSS 7.5
CVE-2023-51365 HIGH
QNAP QTS 4.5.1-4.5.4.2626 and QTS 5.1.4.2595 - Path Traversal
CVSS 8.7
CVE-2023-51364 HIGH
QNAP QTS 4.5.1-4.5.4.2626 and QuTS hero h4.5.0-h4.5.4.2625 and QuTScloud c5.0.0.1919-c5.1.5.2650 - Path Traversal
CVSS 8.7
CVE-2023-47222 CRITICAL
QNAP Media Streaming add-on >= 500.1.1.0 < 500.1.1.5 - Exposure of Sensitive Information via Network
CVSS 9.6
CVE-2023-41291 MEDIUM
QuFirewall < 2.4.1 - Authenticated Path Traversal and Sensitive Data Exposure
CVSS 5.5
CVE-2023-41290 MEDIUM
QuFirewall < 2.4.1 - Authenticated Path Traversal
CVSS 4.1