CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,283 vulnerabilities with CWE-22
CVE-2017-8805 (CRITICAL, CVSS 9.1): Debian ftpsync < 20171017 - Path Traversal via Unsafe Rsync Links
CVE-2017-9367 (CRITICAL, CVSS 9.8): BlackBerry Workspaces Server - Path Traversal
CVE-2017-15363 (HIGH, CVSS 7.5): Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
CVE-2017-15276 (HIGH, CVSS 8.8): OpenText Documentum Content Server < 7.3 - Authenticated Path Traversal via TAR Archive Symlinks
CVE-2017-12188 (HIGH, CVSS 7.8): Linux kernel <4.13.5 - Privilege Escalation
CVE-2017-14614 (MEDIUM, CVSS 6.5): GridGain <1.7.16, <1.8.12, <1.9.7, <8.1.5 - Path Traversal
CVE-2017-15079 (HIGH, CVSS 7.5): Smush Image Compression and Optimization < 2.7.5 - Path Traversal
CVE-2017-13996 (HIGH, CVSS 8.8): LOYTEC LVIS-3ME <6.2.0 - Path Traversal
CVE-2017-12263 (HIGH, CVSS 7.5): Cisco License Manager - Path Traversal
CVE-2017-14754 (MEDIUM, CVSS 6.5): OpenText Document Sciences xPression < 4.5 - Authenticated Arbitrary File Read via xsd_datasource_schema_file Parameter
CVE-2017-13985 (MEDIUM, CVSS 6.5): HPE BSM Platform Application Performance Management System Health 9.26, 9.30, 9.40 - Path Traversal
CVE-2017-13982 (HIGH, CVSS 8.8): HPE BSM <9.26-9.40 - Path Traversal
CVE-2017-1577 (HIGH, CVSS 7.5): IBM WebSphere Portal 7.0, 8.0, 8.5, 9.0 - Path Traversal via Dot Dot Sequences
CVE-2017-14849 (HIGH, CVSS 7.5): Node.js <8.6.0 - Directory Traversal
CVE-2017-7974 (CRITICAL, CVSS 9.8): Schneider Electric U.motion Builder <= 1.2.1 - Unauthenticated Path Traversal and Arbitrary File Read
CVE-2017-14722 (HIGH, CVSS 7.5): WordPress < 4.8.2 - Path Traversal via Customizer Theme Filename
CVE-2017-14719 (HIGH, CVSS 7.5): WordPress < 4.8.2 - Path Traversal via Unzip Operations
CVE-2017-8007 (HIGH, CVSS 8.8): EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) - Path Traversal via Webservice Gateway
CVE-2017-10931 (HIGH, CVSS 7.5): ZTE ZXR10 Firmware < 3.00.40 - Unauthenticated Path Traversal and Information Disclosure
CVE-2017-14514 (HIGH, CVSS 7.5): Tenda W15E <15.11.0.14 - Path Traversal
CVE-2017-14513 (MEDIUM, CVSS 5.3): MetInfo 5.3.17 - Path Traversal via f_filename Parameter
CVE-2017-11162 (MEDIUM, CVSS 6.5): Synology Photo Station < 6.7.4-3433 and 6.3-2968 - Authenticated Path Traversal
CVE-2017-14120 (HIGH, CVSS 7.5): unrar 0.0.1 - Path Traversal via RAR v2 Archive Extraction
CVE-2017-0901 (HIGH, CVSS 7.5): RubyGems < 2.6.13 - Arbitrary File Write via Specification Name Validation Bypass
CVE-2017-13780 (HIGH, CVSS 7.5): EyesOfNetwork 5.1-0 - Path Traversal via module/admin_conf/download.php file Parameter