CWE-35

Path Traversal: '.../...//'

Parent: CWE-23 - Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

154 vulnerabilities with CWE-35
CVE-2024-2863 MEDIUM
LG LED Assistant - Thumbnail Path Traversal File Upload
CVSS 5.3
CVE-2024-1886 LOW
LG Webos Signage - Path Traversal
CVSS 3.0
CVE-2023-7263 HIGH
Huawei home music system - Path Traversal
CVSS 7.3
CVE-2023-7300 HIGH
Huawei Home Music System - Path Traversal
CVSS 8.0
CVE-2023-41793 MEDIUM
Artica Pandora Fms < 776 - Path Traversal
CVSS 6.7
CVE-2023-5800 MEDIUM
Axis OS < 11.8.61 - Code Injection
CVSS 5.4
CVE-2023-46690 HIGH
Delta Electronics InfraSuite Device Master <1.0.7 - Code Injection
CVSS 8.8
CVE-2023-5885 MEDIUM
Franklinfueling Colibri Firmware - Path Traversal
CVSS 6.5
CVE-2023-6252 HIGH
Chalemelon Power - Path Traversal
CVSS 7.5
CVE-2023-21418 HIGH
Axis OS < 6.50.5.15 - Path Traversal
CVSS 7.1
CVE-2023-21417 HIGH
Axis OS < 11.7.57 - Path Traversal
CVSS 7.1
CVE-2023-21416 HIGH
AXIS OS - DoS
CVSS 7.1
CVE-2023-21415 MEDIUM
Axis OS < 6.50.5.14 - Path Traversal
CVSS 6.5
CVE-2023-39916 CRITICAL
Nlnetlabs Routinator < 0.12.2 - Path Traversal
CVSS 9.3
CVE-2023-32714 HIGH
Splunk < 8.1.14 - Path Traversal
CVSS 8.1
CVE-2022-48476 HIGH
Jetbrains Ktor < 2.3.0 - Path Traversal
CVSS 7.5
CVE-2022-3693 HIGH
Fileorbis < 10.6.3 - Path Traversal
CVSS 7.5
CVE-2022-36928 MEDIUM
Zoom < 5.13.0 - Path Traversal
CVSS 6.1
CVE-2022-46826 MEDIUM
JetBrains IntelliJ IDEA <2022.3 - Path Traversal
CVSS 6.2
CVE-2022-2265 HIGH
Identity And Directory Management System < 2.1.25 - Path Traversal
CVSS 7.5
CVE-2022-24774 HIGH
Cyclonedx Bill OF Materials Repository Server < 2.0.1 - Path Traversal
CVSS 7.1
CVE-2021-1132 MEDIUM
Cisco NSO - Info Disclosure
CVSS 5.3
CVE-2021-1364 MEDIUM
Cisco Unified Communications Manager < 11.5(1)su9 - SQL Injection
CVSS 6.5
CVE-2021-1357 MEDIUM
Cisco Unified Communications Manager < 11.5(1)su9 - Path Traversal
CVSS 6.5
CVE-2021-1355 MEDIUM
Cisco Unified Communications Manager < 11.5(1)su9 - SQL Injection
CVSS 6.5