CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,268 vulnerabilities with CWE-22
CVE-2018-1002209 MEDIUM
QuaZIP < 0.7.6 - Path Traversal via Zip Archive Entry Extraction
CVSS 5.5
CVE-2018-1002208 MEDIUM
SharpZipLib <1.0 RC1 - Path Traversal
CVSS 5.5
CVE-2018-1002207 MEDIUM
archiver < 2.0 - Path Traversal via Archive Entry Extraction
CVSS 5.5
CVE-2018-1002206 MEDIUM
SharpCompress <0.21.0 - Path Traversal
CVSS 5.5
CVE-2018-1002205 MEDIUM
DotNetZip.Semvered <1.11.0 - Path Traversal
CVSS 5.5
CVE-2018-1002204 MEDIUM
adm-zip < 0.4.9 - Path Traversal via Zip Archive Entry Extraction
CVSS 5.5
CVE-2018-1002203 MEDIUM
unzipper < 0.8.13 - Path Traversal via Zip Archive Entry
CVSS 5.5
CVE-2018-1002202 MEDIUM
zip4j < 1.3.3 - Path Traversal via Zip Archive Entry Extraction
CVSS 6.5
CVE-2018-1002201 MEDIUM
zt-zip < 1.13 - Path Traversal via Zip Archive Entry Extraction
CVSS 5.5
CVE-2018-1002200 MEDIUM
Plexus-archiver <3.6.0 - Path Traversal
CVSS 5.5
CVE-2018-14573 MEDIUM
TightRope Media Carousel Digital Signage <7.3.5 - Path Traversal
CVSS 5.5
CVE-2018-1999020 MEDIUM
ONOS < 1.13.2 - Path Traversal and Arbitrary File Deletion via Crafted Zip Upload
CVSS 5.5
CVE-2018-6677 CRITICAL
McAfee Web Gateway 7.8.1.x - Authenticated Directory Traversal
CVSS 9.1
CVE-2018-3770 MEDIUM
markdown-pdf < 9.0.0 - Path Traversal via Malicious HTML Code
CVSS 5.5
CVE-2018-10870 CRITICAL
redhat-certification - Path Traversal and Arbitrary File Write in rhcertStore.py:__saveResultsFile
CVSS 9.8
CVE-2018-14364 CRITICAL
GitLab <10.7.7, <10.8.6, <11.0.4 - Path Traversal
CVSS 9.8
CVE-2018-14371 HIGH
Eclipse Mojarra <2.3.7 - Path Traversal
CVSS 7.5
CVE-2018-14363 HIGH
NeoMutt <2018-07-16 - Path Traversal
CVSS 7.5
CVE-2018-14355 MEDIUM
Mutt <1.10.1 - Path Traversal
CVSS 5.3
CVE-2018-13864 HIGH
Play Framework 2.6.12-2.6.15 - Path Traversal via Assets Controller
CVSS 7.5
CVE-2018-13980 MEDIUM
Zeta Producer < 14.2.1 - Unauthenticated Path Traversal and File Disclosure via Filebrowser Plugin
CVSS 5.5
CVE-2018-14064 CRITICAL
VelotiSmart WiFi B-380 - Path Traversal
CVSS 9.8
CVE-2018-14056 MEDIUM
ZNC < 1.7.1-rc1 - Path Traversal via Web Skin Name
CVSS 5.3
CVE-2018-1000208 HIGH
MODX Revolution <=2.6.4 - Path Traversal
CVSS 7.5
CVE-2018-14036 MEDIUM
AccountsService <0.6.50 - Path Traversal
CVSS 6.5