Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2022-03-15 CVE-2022-27203 Path Traversal vulnerability in Jenkins Extended Choice Parameter 346.Vd87693C5A86C
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller.
network
low complexity
jenkins CWE-22
6.5
2022-03-15 CVE-2022-27208 Path Traversal vulnerability in Jenkins Kubernetes Continuous Deploy
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.
network
low complexity
jenkins CWE-22
6.5
2022-03-15 CVE-2021-45010 Path Traversal vulnerability in Tiny File Manager Project Tiny File Manager
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
network
low complexity
tiny-file-manager-project CWE-22
8.8
2022-03-13 CVE-2021-45887 Path Traversal vulnerability in Ponton X/P Messenger 3.10.0/3.8.0
An issue was discovered in PONTON X/P Messenger before 3.11.2.
network
low complexity
ponton CWE-22
critical
9.8
2022-03-12 CVE-2022-26276 Path Traversal vulnerability in Onenav 0.9.14
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.
network
low complexity
onenav CWE-22
5.3
2022-03-11 CVE-2022-25216 Path Traversal vulnerability in Dvdfab 12 Player and Playerfab
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>.
network
low complexity
dvdfab CWE-22
7.5
2022-03-11 CVE-2022-21177 Path Traversal vulnerability in Yokogawa products
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
network
low complexity
yokogawa CWE-22
8.1
2022-03-11 CVE-2022-21808 Path Traversal vulnerability in Yokogawa products
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
network
low complexity
yokogawa CWE-22
8.8
2022-03-10 CVE-2022-26652 Path Traversal vulnerability in Nats Server and Nats Streaming Server
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams.
network
low complexity
nats CWE-22
6.5
2022-03-10 CVE-2022-21132 Path Traversal vulnerability in Pfsense Pfsense-Pkg-Wireguard 0.1.5/0.1.6
Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder.
network
low complexity
pfsense CWE-22
6.5