Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

223531 entries
ID Description Priority Modified date
CVE-2023-21438 Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder. -- Feb 10, 2023
CVE-2023-2737 Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. -- Aug 16, 2023
CVE-2021-25423 Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. LOW Jun 11, 2021
CVE-2021-25422 Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. LOW Jun 11, 2021
CVE-2021-25421 Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. LOW Jun 11, 2021
CVE-2021-25420 Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. LOW Jun 11, 2021
CVE-2021-25335 Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition. LOW Mar 4, 2021
CVE-2021-0147 Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially enable denial of service via local access. LOW Feb 10, 2022
CVE-2021-0094 Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. MEDIUM Jun 9, 2021
CVE-2023-6069 Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. -- Nov 10, 2023
CVE-2021-3641 Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions. LOW Nov 9, 2021
CVE-2023-6335 Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename. This issue affects Workforce Access: before 8.7. -- Jan 16, 2024
CVE-2023-6336 Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename. This issue affects Workforce Access: before 8.7. -- Jan 16, 2024
CVE-2024-0068 Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation. This issue affects Workforce Access: before 8.7.1. -- Feb 29, 2024
CVE-2023-51654 Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. A symlink attack by a malicious user may cause a Denial-of-service (DoS) condition on the PC. -- Dec 26, 2023
CVE-2022-26500 Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. MEDIUM Mar 18, 2022
CVE-2023-3330 Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to obtain specific files in the product. -- Jun 28, 2023
CVE-2023-3331 Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to delete specific files in the product. -- Jun 28, 2023
CVE-2021-24010 Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests. MEDIUM Aug 4, 2021
CVE-2024-2224 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects the following products that include the vulnerable component: Bitdefender Endpoint Security for Linux version 7.0.5.200089; Bitdefender Endpoint Security for Windows version 7.9.9.380; GravityZone Control Center (On Premises) version 6.36.1. -- Apr 9, 2024
CVE-2022-0902 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploited this vulnerability to insert and run arbitrary code in an affected system node. -- Jul 21, 2022
CVE-2022-29836 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux. -- Nov 11, 2022
CVE-2022-36327 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires an authentication bypass issue to be triggered before this can be exploited. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202. -- May 18, 2023
CVE-2022-36328 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This can only be exploited once an attacker gains root privileges on the devices using an authentication bypass issue or another vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202. -- May 18, 2023
CVE-2023-47843 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zachary Segal CataBlog. This issue affects CataBlog: from n/a through 1.7.0. -- Apr 18, 2024
CVE-2022-47595 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Go Maps (formerly WP Google Maps) plugin <= 9.0.15 versions. -- Mar 17, 2023
CVE-2024-30492 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebToffee Import Export WordPress Users. This issue affects Import Export WordPress Users: from n/a through 2.5.2. -- Apr 1, 2024
CVE-2022-22685 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology WebDAV Server before 2.4.0-0062 allows remote authenticated users to delete arbitrary files via unspecified vectors. -- Jul 28, 2022
CVE-2022-27621 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. -- Aug 3, 2022
CVE-2022-27618 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. -- Aug 3, 2022
CVE-2022-27620 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. -- Aug 3, 2022
CVE-2021-29087 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. MEDIUM Jun 23, 2021
CVE-2022-27610 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors. -- Jul 27, 2022
CVE-2022-27617 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. -- Aug 3, 2022
CVE-2022-27611 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Audio Station before 6.5.4-3367 allows remote authenticated users to delete arbitrary files via unspecified vectors. -- Jul 28, 2022
CVE-2021-3823 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249. HIGH Oct 28, 2021
CVE-2021-3960 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272. MEDIUM Dec 16, 2021
CVE-2022-22679 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. MEDIUM Feb 10, 2022
CVE-2023-34129 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. -- Jul 13, 2023
CVE-2023-3675 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Secomea GateManager (Web GUI) allows Reading Data from System Resources. This issue affects GateManager: from 11.0.623074018 before 11.0.623373051. -- Apr 18, 2024
CVE-2023-31167 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details. This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778. -- Aug 31, 2023
CVE-2024-34808 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samuel Marshall JCH Optimize. This issue affects JCH Optimize: from n/a through 4.2.0. -- May 16, 2024
CVE-2021-42811 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed. MEDIUM Jun 10, 2022
CVE-2023-52144 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RexTheme Product Feed Manager. This issue affects Product Feed Manager: from n/a through 7.3.15. -- Apr 15, 2024
CVE-2021-33182 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors. MEDIUM Jun 1, 2021
CVE-2024-31287 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through 8.1.8. -- Apr 10, 2024
CVE-2022-31474 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal. This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. -- Mar 16, 2023
CVE-2024-31240 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.1. -- Apr 10, 2024
CVE-2022-40264 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to create, tamper with or destroy arbitrary files by getting a legitimate user to import a project package file crafted by the attacker. -- Dec 16, 2022
CVE-2022-29834 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS GENESIS64 versions 10.97 to 10.97.1 allows a remote unauthenticated attacker to access arbitrary files in the GENESIS64 server and disclose information stored in the files by embedding a malicious URL parameter in the URL of the monitoring screen delivered to the GENESIS64 mobile monitoring application and accessing the monitoring screen. -- Jul 20, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.