Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-13 | CVE-2023-34129 | Path Traversal vulnerability in Sonicwall Analytics and Global Management System Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. | 8.8 |
| 2023-07-13 | CVE-2023-34125 | Path Traversal vulnerability in Sonicwall Analytics and Global Management System Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. | 6.5 |
| 2023-07-12 | CVE-2023-26563 | Path Traversal vulnerability in Syncfusion Nodejs File System Provider 0102271 The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. | 9.8 |
| 2023-07-12 | CVE-2023-26564 | Path Traversal vulnerability in Syncfusion EJ2 Aspcore File Provider The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. | 9.8 |
| 2023-07-12 | CVE-2023-37960 | Path Traversal vulnerability in Jenkins Mathworks Polyspace Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems. | 6.5 |
| 2023-07-12 | CVE-2023-22887 | Path Traversal vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. | 6.5 |
| 2023-07-11 | CVE-2022-23447 | Path Traversal vulnerability in Fortinet Fortiextender Firmware An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | 7.5 |
| 2023-07-11 | CVE-2023-25606 | Path Traversal vulnerability in Fortinet Fortianalyzer and Fortimanager An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests. | 6.5 |
| 2023-07-11 | CVE-2023-34117 | Path Traversal vulnerability in Zoom Software Development KIT Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access. | 3.3 |
| 2023-07-11 | CVE-2023-33989 | Path Traversal vulnerability in SAP Netweaver BI Content An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. | 8.1 |