Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-19 | CVE-2022-30302 | Path Traversal vulnerability in Fortinet Fortideceptor: Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests. | 8.1 |
2022-07-19 | CVE-2022-2030 | Path Traversal vulnerability in Zyxel products: A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device. | 6.5 |
2022-07-18 | CVE-2021-41031 | Path Traversal vulnerability in Fortinet Forticlient: A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service. | 7.8 |
2022-07-17 | CVE-2022-31202 | Path Traversal vulnerability in Monitoringsoft Softguard web: The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl. | 6.5 |
2022-07-17 | CVE-2022-35861 | Path Traversal vulnerability in Pyenv: pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. | 7.8 |
2022-07-14 | CVE-2022-32409 | Path Traversal vulnerability in Softwarepublico I3Geo 7.0.5: A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request. | 9.8 |
2022-07-13 | CVE-2022-20220 | Path Traversal vulnerability in Google Android 12.0/12.1: In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. | 7.8 |
2022-07-12 | CVE-2022-33690 | Path Traversal vulnerability in Google Android 12.0: Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file. | 3.3 |
2022-07-11 | CVE-2022-31501 | Path Traversal vulnerability in Onyxforum Project Onyxforum: The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31502 | Path Traversal vulnerability in Wormnest Project Wormnest: The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |