CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2020-3239 HIGH
Cisco UCS Director/Cisco UCS Director Express - Auth Bypass/Path T...
CVSS 8.8
CVE-2020-3177 HIGH
Cisco Unified Communications Manager - Unauthenticated Path Traversal via TAPS Interface
CVSS 7.5
CVE-2020-4272 HIGH
IBM QRadar 7.3.0-7.3.3 Patch 2 - Remote File Inclusion and Arbitrary Code Execution
CVSS 8.8
CVE-2020-10506 HIGH
School Manage System <2020 - Path Traversal
CVSS 7.5
CVE-2020-6225 HIGH
SAP NetWeaver Knowledge Management (KMC-CM 7.00-7.50, KMC-WPC 7.30-7.50) - Path Traversal
CVSS 8.8
CVE-2020-11738 HIGH KEV
Duplicator < 1.3.28 and < 3.8.7.1 - Directory Traversal via File Parameter
CVSS 7.5
CVE-2020-11736 LOW
GNOME file-roller < 3.36.1 - Directory Traversal via Symlink Parent Check Bypass
CVSS 3.9
CVE-2020-11705 CRITICAL
ProVide FTP Server < 13.1 - Authenticated Arbitrary File Overwrite via ImportCertificate fileName Parameter
CVSS 9.8
CVE-2020-10631 CRITICAL
WebAccess/NMS <3.0.2 - Path Traversal
CVSS 9.8
CVE-2020-10619 CRITICAL
WebAccess/NMS <3.0.2 - Path Traversal
CVSS 9.1
CVE-2020-10977 MEDIUM
GitLab EE/CE <12.9 - Path Traversal
CVSS 5.5
CVE-2020-10366 HIGH
LogicalDoc < 8.3.3 - Path Traversal via /servlet.gupld
CVSS 7.5
CVE-2020-6974 CRITICAL
Honeywell Notifier Web Server < 3.50 - Path Traversal
CVSS 9.8
CVE-2020-11596 HIGH
CIPPlanner CIPAce < 9.1 - Unauthenticated Directory Traversal
CVSS 7.5
CVE-2020-7008 HIGH
VISAM VBASE Editor 11.5.0.2 and VBASE Web-Remote Module - Path Traversal via URL Input
CVSS 7.5
CVE-2020-11498 HIGH
Slack Nebula < 1.1.0 - Path Traversal and Arbitrary Code Execution via tun_darwin.go or tun_windows.go
CVSS 8.8
CVE-2020-11491 MEDIUM
zen_load_balancer 3.10.1 - Authenticated Path Traversal via Monitoring Logs
CVSS 4.9
CVE-2020-8144 HIGH
UniFi Video Server <3.9.3 - Path Traversal
CVSS 8.4
CVE-2020-11455 CRITICAL
LimeSurvey < 4.1.12+200324 - Path Traversal in LimeSurveyFileManager
CVSS 9.8
CVE-2020-10696 HIGH
buildah < 1.14.5 - Path Traversal via Malicious Container Image
CVSS 8.8
CVE-2020-4240 MEDIUM
IBM Spectrum Protect Plus 10.1.0-10.1.5 - Path Traversal and Arbitrary File Write
CVSS 6.5
CVE-2020-11414 HIGH
Telerik UI for Silverlight < 2020.1.330 - Path Traversal via RadUploadHandler
CVSS 7.5
CVE-2020-5284 MEDIUM
Next.js < 9.3.2 - Path Traversal in Dist Directory
CVSS 4.4
CVE-2020-10953 HIGH
GitLab 11.7.0-12.9 - Path Traversal via NPM Feature
CVSS 7.5
CVE-2020-5280 HIGH
http4s < 0.18.26 - Path Traversal via URI Normalization Bypass
CVSS 7.6