Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-01-26 | CVE-2023-24449 | Path Traversal vulnerability in Jenkins Pwauth Security Realm 0.3/0.4 | Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 |
2023-01-26 | CVE-2023-24455 | Path Traversal vulnerability in Jenkins Visual Expert 1.0/1.3 | Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | 4.3 |
2023-01-26 | CVE-2020-18330 | Path Traversal vulnerability in Chinamobileltd Gpn2.4P21-C-Cn Firmware W2000En01 | An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01 (hardware platform Gpn2.4P21-C_WIFI-V0.05), allows attackers to gain access to the configuration interface. | 9.1 |
2023-01-26 | CVE-2020-18331 | Path Traversal vulnerability in Chinamobileltd Gpn2.4P21-C-Cn Firmware W2000En01 | Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01 (hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter to /cgi-bin/webproc. | 9.1 |
2023-01-26 | CVE-2022-21192 | Path Traversal vulnerability in Serve-Lite Project Serve-Lite | All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join(). | 7.5 |
2023-01-26 | CVE-2022-25882 | Path Traversal vulnerability in Linuxfoundation Onnx | Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd" | 7.5 |
2023-01-26 | CVE-2022-29844 | Path Traversal vulnerability in Westerndigital products | A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. | 9.8 |
2023-01-26 | CVE-2022-31706 | Path Traversal vulnerability in VMWare Vrealize LOG Insight | The vRealize Log Insight contains a Directory Traversal Vulnerability. | 9.8 |
2023-01-23 | CVE-2022-46639 | Path Traversal vulnerability in Correos 1.7.0/1.7.8 | A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal. | 7.5 |
2023-01-23 | CVE-2022-46959 | Path Traversal vulnerability in Sonic Project Sonic 1.0.4 | An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal. | 4.3 |