Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-31 | CVE-2023-0591 | Path Traversal vulnerability in UBI Reader Project UBI Reader ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. | 5.5 |
| 2023-01-31 | CVE-2023-0592 | Path Traversal vulnerability in Jefferson Project Jefferson 0.3/0.4 A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. | 5.5 |
| 2023-01-31 | CVE-2023-0593 | Path Traversal vulnerability in Yaffshiv Project Yaffshiv 0.1 A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. | 5.5 |
| 2023-01-31 | CVE-2022-39059 | Path Traversal vulnerability in Changingtec Megaservisignadapter 1.0.17.0823 ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. | 7.5 |
| 2023-01-30 | CVE-2022-22731 | Path Traversal vulnerability in Schneider-Electric Ecostruxure Power Commission A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. | 9.8 |
| 2023-01-30 | CVE-2022-38451 | Path Traversal vulnerability in multiple products A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. | 7.5 |
| 2023-01-30 | CVE-2022-25936 | Path Traversal vulnerability in Servst Project Servst Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. | 7.5 |
| 2023-01-29 | CVE-2022-48285 | Path Traversal vulnerability in Jszip Project Jszip loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. | 7.3 |
| 2023-01-27 | CVE-2022-39812 | Path Traversal vulnerability in Italtel Netmatch-S CI 5.2.020211008 Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. | 7.5 |
| 2023-01-27 | CVE-2022-43979 | Path Traversal vulnerability in Pandorafms Pandora FMS There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. | 9.8 |