CWE-22

High likelihood

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,256 vulnerabilities with CWE-22
CVE-2020-11652 MEDIUM KEV
SaltStack Salt < 2019.2.4 - Authenticated Path Traversal via ClearFuncs Methods
CVSS 6.5
CVE-2020-10691 MEDIUM
Ansible-engine <2.9.7 - Path Traversal
CVSS 5.2
CVE-2020-12479 HIGH
TeamPass 2.1.27.36 - Path Traversal
CVSS 8.8
CVE-2020-12251 LOW
Gigamon GigaVUE 5.4-5.4.04 - Authenticated Path Traversal and Arbitrary File Write via Upload Filename Manipulation
CVSS 2.2
CVE-2020-12447 HIGH
Onkyo TX-NR585 Firmware - Unauthenticated Local File Inclusion via URL-Encoded Path Traversal
CVSS 7.5
CVE-2020-12443 CRITICAL
BigBlueButton <2.2.6 - Privilege Escalation
CVSS 9.8
CVE-2020-12103 HIGH
Tiny File Manager 2.4.1 - Authenticated Path Traversal via Backup Copy Functionality
CVSS 7.7
CVE-2020-12102 HIGH
Tiny File Manager 2.4.1 - Authenticated Path Traversal via AJAX Recursive Directory Listing
CVSS 7.7
CVE-2020-11420 MEDIUM
ABB CS141 Firmware 1.66-1.88 and Generex CS141 Firmware < 1.90 - Authenticated Path Traversal
CVSS 6.5
CVE-2020-12265 CRITICAL
decompress < 4.2.1 - Arbitrary File Write via Symlink Path Traversal
CVSS 9.8
CVE-2020-6828 HIGH
Firefox ESR < 68.7.0 - Path Traversal and Arbitrary File Write via Malicious Android Intent
CVSS 7.5
CVE-2020-12128 HIGH
File Transfer iFamily 2.1 - Path Traversal via ./etc/ Path
CVSS 7.5
CVE-2020-12112 HIGH
BigBlueButton < 2.2.5 - Path Traversal
CVSS 7.5
CVE-2020-1699 HIGH
Ceph 14.2.5-14.2.6 and 15.0.0 - Unauthenticated Path Traversal
CVSS 7.5
CVE-2020-11819 CRITICAL
Rukovoditel 2.5.2 - Remote Code Execution via Language File Path Traversal
CVSS 9.8
CVE-2020-3252 MEDIUM
Cisco UCS Director - Auth Bypass/Path Traversal
CVSS 6.5
CVE-2020-3251 HIGH
Cisco UCS Director - Auth Bypass/Path Traversal
CVSS 8.8
CVE-2020-3249 HIGH
Cisco UCS Director - Auth Bypass/Path Traversal
CVSS 7.5
CVE-2020-3248 CRITICAL
Cisco UCS Director - Auth Bypass/Path Traversal
CVSS 9.8
CVE-2020-3247 CRITICAL
Cisco UCS Director - Auth Bypass/Path Traversal
CVSS 9.8
CVE-2020-3239 HIGH
Cisco UCS Director/Cisco UCS Director Express - Auth Bypass/Path T...
CVSS 8.8
CVE-2020-3177 HIGH
Cisco Unified Communications Manager - Unauthenticated Path Traversal via TAPS Interface
CVSS 7.5
CVE-2020-4272 HIGH
IBM QRadar 7.3.0-7.3.3 Patch 2 - Remote File Inclusion and Arbitrary Code Execution
CVSS 8.8
CVE-2020-10506 HIGH
School Manage System <2020 - Path Traversal
CVSS 7.5
CVE-2020-6225 HIGH
SAP NetWeaver Knowledge Management (KMC-CM 7.00-7.50, KMC-WPC 7.30-7.50) - Path Traversal
CVSS 8.8
Details
Vulnerabilities 9,256
Exploit Likelihood High