Vulnerabilities (CVE)

Filtered by CWE-22
Total 3778 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29425 1 Apache 1 Commons Io 2021-06-17 5.0 MEDIUM 5.3 MEDIUM
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
CVE-2020-22200 1 Phpcms 1 Phpcms 2021-06-17 5.0 MEDIUM 5.3 MEDIUM
Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
CVE-2020-35762 1 Bloofox 1 Bloofoxcms 2021-06-17 4.0 MEDIUM 2.7 LOW
bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.
CVE-2021-30465 2 Fedoraproject, Linuxfoundation 2 Fedora, Runc 2021-06-17 6.0 MEDIUM 8.5 HIGH
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
CVE-2020-26837 1 Sap 1 Solution Manager 2021-06-17 6.5 MEDIUM 9.1 CRITICAL
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable.
CVE-2021-0097 1 Intel 2 Efi Bios 7215, Server Board M10jnp2sb 2021-06-17 3.3 LOW 6.5 MEDIUM
Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access.
CVE-2021-33896 2 Dino, Fedoraproject 2 Dino, Fedora 2021-06-17 5.0 MEDIUM 5.3 MEDIUM
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.
CVE-2021-22762 1 Schneider-electric 1 Interactive Graphical Scada System 2021-06-15 6.8 MEDIUM 7.8 HIGH
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF or WSP file is being parsed by IGSS Definition.
CVE-2021-34363 1 The Fuck Project 1 The Fuck 2021-06-15 6.4 MEDIUM 9.1 CRITICAL
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.
CVE-2016-5725 2 Jcraft, Microsoft 2 Jsch, Windows 2021-06-14 4.3 MEDIUM 5.9 MEDIUM
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
CVE-2021-20517 1 Ibm 1 Websphere Application Server Nd 2021-06-10 6.5 MEDIUM 8.8 HIGH
IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435.
CVE-2021-29091 1 Synology 1 Photo Station 2021-06-10 4.0 MEDIUM 6.5 MEDIUM
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.
CVE-2021-32662 1 Backstage 1 Backstage 2021-06-10 3.5 LOW 6.5 MEDIUM
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for `docs_dir` in `mkdocs.yml`. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the `mkdocs.yml` in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the `0.6.3` release of `@backstage/techdocs-common`.
CVE-2021-33183 1 Synology 1 Docker 2021-06-10 3.6 LOW 7.9 HIGH
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.
CVE-2021-29492 1 Envoyproxy 1 Envoy 2021-06-10 7.5 HIGH 9.8 CRITICAL
Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g. a block on `/admin`. A backend server could then decode slash sequences and normalize path and provide an attacker access beyond the scope provided for by the access control policy. ### Impact Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret `%2F` and `/` and `%5C` and `\` interchangeably are impacted. ### Attack Vector URL paths containing escaped slash characters delivered by untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat `%2F` and `/` and `%5C` and `\` interchangeably and a URL path based access control is configured, one may reconfigure the back end server to not treat `%2F` and `/` and `%5C` and `\` interchangeably.
CVE-2021-32643 1 Typelevel 1 Http4s 2021-06-10 5.0 MEDIUM 5.8 MEDIUM
Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` can leak the presence of a directory on a server when the `URL` scheme is not `file://`, and the URL points to a fetchable resource under its scheme and authority. The function returns `F[None]`, indicating no resource, if `url.getFile` is a directory, without first checking the scheme or authority of the URL. If a URL connection to the scheme and URL would return a stream, and the path in the URL exists as a directory on the server, the presence of the directory on the server could be inferred from the 404 response. The contents and other metadata about the directory are not exposed. This affects http4s versions: 0.21.7 through 0.21.23, 0.22.0-M1 through 0.22.0-M8, 0.23.0-M1, and 1.0.0-M1 through 1.0.0-M22. The [patch](https://github.com/http4s/http4s/commit/52e1890665410b4385e37b96bc49c5e3c708e4e9) is available in the following versions: v0.21.24, v0.22.0-M9, v0.23.0-M2, v1.0.0-M23. As a workaround users can avoid calling `StaticFile.fromUrl` with non-file URLs.
CVE-2019-17640 1 Eclipse 1 Vert.x 2021-06-10 7.5 HIGH 9.8 CRITICAL
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.
CVE-2021-33182 1 Synology 1 Diskstation Manager 2021-06-09 4.0 MEDIUM 4.3 MEDIUM
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
CVE-2020-6950 1 Eclipse 1 Mojarra 2021-06-09 5.0 MEDIUM 7.5 HIGH
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
CVE-2021-29088 1 Synology 1 Diskstation Manager 2021-06-09 4.6 MEDIUM 7.8 HIGH
Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.