CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,220 vulnerabilities with CWE-22
CVE-2022-39347 (LOW, CVSS 2.6): FreeRDP < 2.9.0 - Path Traversal via Drive Channel
CVE-2022-43264 (HIGH, CVSS 7.5): Arobas Music Guitar Pro <1.10.2 - Path Traversal
CVE-2022-45388 (HIGH, CVSS 7.5): Jenkins Config Rotator Plugin < 2.0.1 - Unauthenticated Arbitrary File Read via File Name Query Parameter
CVE-2022-45381 (HIGH, CVSS 8.1): Jenkins Pipeline Utility Steps < 2.13.2 - Arbitrary File Read via Apache Commons Configuration Interpolator
CVE-2022-42977 (HIGH, CVSS 7.5): Netic User Export for Confluence Data Center < 1.3.5 - Path Traversal via fileName Parameter
CVE-2022-42125 (HIGH, CVSS 7.5): Liferay Portal 7.4.3.5-7.4.3.35 & DXP 7.4 U1-34 - Path Traversal & Arbitrary File Write
CVE-2022-42123 (HIGH, CVSS 7.5): Liferay Portal 7.3.3-7.4.3.18 and DXP 7.3-7.4 - Path Traversal via Elasticsearch Sidecar Plugin Installation
CVE-2022-45184 (HIGH, CVSS 7.2): PowerShell Universal 3.0.0-3.4.6 - Authenticated Path Traversal via Web Server Endpoints
CVE-2022-3976 (MEDIUM, CVSS 5.5): libiec61850 < 1.5 - Path Traversal in MMS File Services
CVE-2022-3966 (MEDIUM, CVSS 4.3): Ultimate Member Plugin <= 2.5.0 - Path Traversal via Template Handler tpl Argument
CVE-2022-36400 (MEDIUM, CVSS 6.7): Intel NUC Kit Wireless Adapter <22.40 - Privilege Escalation
CVE-2022-3940 (LOW, CVSS 3.5): ferry - Path Traversal via file_name Argument
CVE-2022-3939 (MEDIUM, CVSS 6.3): ferry - Path Traversal via File Argument in API
CVE-2022-41607 (MEDIUM, CVSS 6.2): ETIC Telecom RAS <4.5.0 - Path Traversal
CVE-2022-43753 (MEDIUM, CVSS 4.3): SUSE spacewalk/Uyuni <4.3 - Path Traversal
CVE-2022-39037 (HIGH, CVSS 7.5): Agentflow - Unauthenticated Path Traversal via BPM File Download Function
CVE-2022-38120 (MEDIUM, CVSS 6.5): POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
CVE-2022-31255 (MEDIUM, CVSS 4.3): SUSE spacewalk/Uyuni <4.3 - Path Traversal
CVE-2022-29836 (LOW, CVSS 1.9): Western Digital My Cloud Home/Duo & SanDisk ibi <8.11.0-113 Authenticated Path Traversal
CVE-2022-41212 (MEDIUM, CVSS 4.9): SAP NetWeaver Application Server ABAP/ABAP Platform - Info Disclosure
CVE-2022-34822 (CRITICAL, CVSS 9.8): EXPRESSCLUSTER X < 5.0 - Unauthenticated Path Traversal and Arbitrary File Write
CVE-2022-20453 (MEDIUM, CVSS 5.5): Android - Local Denial of Service via MmsProvider Path Traversal
CVE-2022-37866 (HIGH, CVSS 7.5): Apache Ivy 2.0.0-2.5.1 - Path Traversal via Artifact Coordinate Placeholders
CVE-2022-37865 (CRITICAL, CVSS 9.1): Apache Ivy 2.4.0-2.5.0 - Path Traversal and Arbitrary File Write via Archive Extraction
CVE-2022-2711 (HIGH, CVSS 7.2): WP All Import < 3.6.9 - Authenticated Path Traversal and Arbitrary File Write via Zip Archive