Latest Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-7529 A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. 0.0
2020-09-15 CVE-2020-4711 Path Traversal vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
CWE-22
4.0
2020-09-11 CVE-2020-25248 Path Traversal vulnerability in Hyland Onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000.
network
low complexity
hyland
CWE-22
5.0
2020-09-11 CVE-2020-25247 Path Traversal vulnerability in Hyland Onbase
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000.
network
low complexity
hyland
CWE-22
5.0
2020-09-04 CVE-2019-20916 Path Traversal vulnerability in Pypa PIP
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file.
network
low complexity
pypa
CWE-22
5.0
2020-09-04 CVE-2020-3365 Path Traversal vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure
A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories.
network
low complexity
cisco
CWE-22
4.0
2020-09-03 CVE-2020-25068 Path Traversal vulnerability in Setelsa-Security Conacwin 3.7.1.2
** DISPUTED ** Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability.
network
low complexity
setelsa-security
CWE-22
5.0
2020-09-02 CVE-2020-24654 Path Traversal vulnerability in multiple products
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
4.3
2020-09-01 CVE-2020-6142 Path Traversal vulnerability in Os4Ed Opensis 7.3
A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3.
network
low complexity
os4ed
CWE-22
7.5
2020-09-01 CVE-2012-3337 Path Traversal vulnerability in IBM Infosphere Guardium 8.0/8.01/8.2
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm
CWE-22
5.0