Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-06-23 | CVE-2022-31395 | Path Traversal vulnerability in Algosolutions 8373 IP Zone Paging Adapter Firmware 1.7.6 | Algo Communication Products Ltd. | 8.8 |
2022-06-23 | CVE-2022-34177 | Path Traversal vulnerability in Jenkins Pipeline: Input Step | Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | 7.5 |
2022-06-23 | CVE-2022-34179 | Path Traversal vulnerability in Jenkins Embeddable Build Status | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. | 7.5 |
2022-06-21 | CVE-2022-33995 | Path Traversal vulnerability in Devolutions Remote Desktop Manager | A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. | 7.5 |
2022-06-21 | CVE-2022-29774 | Path Traversal vulnerability in Ispyconnect Ispy 7.2.2.0 | iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. | 9.8 |
2022-06-16 | CVE-2022-31372 | Path Traversal vulnerability in Wiris Mathtype 7.28.0 | Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. | 7.5 |
2022-06-15 | CVE-2021-33036 | Path Traversal vulnerability in Apache Hadoop | In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
2022-06-14 | CVE-2022-32328 | Path Traversal vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 | Fast Food Ordering System v1.0 is vulnerable to Delete any file. | 9.1 |
2022-06-14 | CVE-2022-29509 | Path Traversal vulnerability in Tandd T&D Server and Thermo Recorder Data Server Firmware | Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors. | 7.5 |
2022-06-13 | CVE-2022-26041 | Path Traversal vulnerability in Generex Rccmd 4.26 | Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors. | 6.5 |