CWE-22
High likelihoodImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
9,268 vulnerabilities with CWE-22
CVE-2018-1002209
MEDIUM
QuaZIP < 0.7.6 - Path Traversal via Zip Archive Entry Extraction
CVSS 5.5
CVE-2018-1002208
MEDIUM
SharpZipLib <1.0 RC1 - Path Traversal
CVSS 5.5
CVE-2018-1002207
MEDIUM
archiver < 2.0 - Path Traversal via Archive Entry Extraction
CVSS 5.5
CVE-2018-1002206
MEDIUM
SharpCompress <0.21.0 - Path Traversal
CVSS 5.5
CVE-2018-1002205
MEDIUM
DotNetZip.Semvered <1.11.0 - Path Traversal
CVSS 5.5
CVE-2018-1002204
MEDIUM
adm-zip < 0.4.9 - Path Traversal via Zip Archive Entry Extraction
CVSS 5.5
CVE-2018-1002203
MEDIUM
unzipper < 0.8.13 - Path Traversal via Zip Archive Entry
CVSS 5.5
CVE-2018-1002202
MEDIUM
zip4j < 1.3.3 - Path Traversal via Zip Archive Entry Extraction
CVSS 6.5
CVE-2018-1002201
MEDIUM
zt-zip < 1.13 - Path Traversal via Zip Archive Entry Extraction
CVSS 5.5
CVE-2018-1002200
MEDIUM
Plexus-archiver <3.6.0 - Path Traversal
CVSS 5.5
CVE-2018-14573
MEDIUM
TightRope Media Carousel Digital Signage <7.3.5 - Path Traversal
CVSS 5.5
CVE-2018-1999020
MEDIUM
ONOS < 1.13.2 - Path Traversal and Arbitrary File Deletion via Crafted Zip Upload
CVSS 5.5
CVE-2018-6677
CRITICAL
McAfee Web Gateway 7.8.1.x - Authenticated Directory Traversal
CVSS 9.1
CVE-2018-3770
MEDIUM
markdown-pdf < 9.0.0 - Path Traversal via Malicious HTML Code
CVSS 5.5
CVE-2018-10870
CRITICAL
redhat-certification - Path Traversal and Arbitrary File Write in rhcertStore.py:__saveResultsFile
CVSS 9.8
CVE-2018-14364
CRITICAL
GitLab <10.7.7, <10.8.6, <11.0.4 - Path Traversal
CVSS 9.8
CVE-2018-14371
HIGH
Eclipse Mojarra <2.3.7 - Path Traversal
CVSS 7.5
CVE-2018-14363
HIGH
NeoMutt <2018-07-16 - Path Traversal
CVSS 7.5
CVE-2018-14355
MEDIUM
Mutt <1.10.1 - Path Traversal
CVSS 5.3
CVE-2018-13864
HIGH
Play Framework 2.6.12-2.6.15 - Path Traversal via Assets Controller
CVSS 7.5
CVE-2018-13980
MEDIUM
Zeta Producer < 14.2.1 - Unauthenticated Path Traversal and File Disclosure via Filebrowser Plugin
CVSS 5.5
CVE-2018-14064
CRITICAL
VelotiSmart WiFi B-380 - Path Traversal
CVSS 9.8
CVE-2018-14056
MEDIUM
ZNC < 1.7.1-rc1 - Path Traversal via Web Skin Name
CVSS 5.3
CVE-2018-1000208
HIGH
MODX Revolution <=2.6.4 - Path Traversal
CVSS 7.5
CVE-2018-14036
MEDIUM
AccountsService <0.6.50 - Path Traversal
CVSS 6.5
Details
Vulnerabilities
9,268
Exploit Likelihood
High