CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,261 vulnerabilities with CWE-22
CVE-2019-14312 MEDIUM
Aptana Jaxer 1.0.3.4547 - Info Disclosure
CVSS 6.5
CVE-2019-1952 MEDIUM
Cisco Enterprise NFV Infrastructure Software < 3.10.1 - Authenticated Path Traversal via CLI Command Arguments
CVSS 6.7
CVE-2019-14701 HIGH
MicroDigital N-series <6400.0.8.5 - DoS
CVSS 7.5
CVE-2019-14700 HIGH
MicroDigital N-series <6400.0.8.5 - Path Traversal
CVSS 7.5
CVE-2019-14521 HIGH
EMCA Energy Logserver 6.1.2 - Path Traversal
CVSS 7.5
CVE-2019-7859 HIGH
Magento <2.1.18-2.3.2 - Path Traversal
CVSS 7.5
CVE-2019-10168 HIGH
libvirt <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10167 HIGH
libvirt <4.10.1-5.4.1 - Code Injection
CVSS 7.8
CVE-2019-10185 HIGH
Icedtea-web <1.7.2-1.8.2 - Path Traversal
CVSS 8.6
CVE-2019-10182 HIGH
Icedtea-web <1.7.2, 1.8.2 - Path Traversal
CVSS 8.2
CVE-2019-14452 HIGH
Sigil < 0.9.16 - Path Traversal and Arbitrary File Write via ZIP Archive Extraction
CVSS 7.5
CVE-2019-10161 HIGH
libvirtd <4.10.1-5.4.1 - Info Disclosure
CVSS 7.8
CVE-2019-10152 HIGH
libpod < 1.4.0 - Path Traversal and Arbitrary File Write via Symlink Handling
CVSS 7.2
CVE-2019-13635 CRITICAL
WP Fastest Cache <0.8.9.5 - Path Traversal
CVSS 9.1
CVE-2019-14418 HIGH
Veritas Resiliency Platform <3.4 HF1 - Path Traversal
CVSS 8.8
CVE-2019-6726 MEDIUM
WP Fastest Cache < 0.8.9.0 - Unauthenticated Arbitrary File Deletion via HTTP Referer Header
CVSS 6.5
CVE-2019-1020001 HIGH
yard < 0.9.20 - Path Traversal
CVSS 7.5
CVE-2019-14362 MEDIUM
Openbravo ERP <3.0PR19Q1.3 - Path Traversal
CVSS 5.4
CVE-2019-14322 HIGH
Pallets Werkzeug <0.15.5 - Path Traversal
CVSS 7.5
CVE-2019-10265 HIGH
Ahsay Cloud Backup Suite < 8.1.1.50 - Path Traversal via File Explorer Directory Manipulation
CVSS 7.5
CVE-2019-13385 MEDIUM
Webpanel - Path Traversal
CVSS 4.3
CVE-2019-1010205 HIGH
LINAGORA hublin - Path Traversal in Web-View Renderer
CVSS 7.5
CVE-2019-14240 HIGH
WCMS 0.3.2 - Cross-Site Request Forgery and Path Traversal via /wex/html.php
CVSS 8.1
CVE-2019-14206 HIGH
Nevma Adaptive Images <0.6.67 - Privilege Escalation
CVSS 7.5
CVE-2019-14205 HIGH
Nevma Adaptive Images <0.6.67 - Local File Inclusion
CVSS 7.5