Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-04-06 | CVE-2021-30497 | Path Traversal vulnerability in Ivanti Avalanche 6.3.2 | Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. | 7.5 |
2022-04-05 | CVE-2022-23732 | Path Traversal vulnerability in Github Enterprise Server | A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. | 8.8 |
2022-04-04 | CVE-2021-32981 | Path Traversal vulnerability in Aveva System Platform 2017/2020 | AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. | 7.2 |
2022-04-04 | CVE-2021-44138 | Path Traversal vulnerability in Caucho Resin | There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. | 7.5 |
2022-04-03 | CVE-2022-26233 | Path Traversal vulnerability in Barco Control Room Management Suite | Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. | 7.5 |
2022-04-03 | CVE-2022-27248 | Path Traversal vulnerability in Idearespa Reftree | A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. | 6.5 |
2022-04-03 | CVE-2022-28380 | Path Traversal vulnerability in Rc-Httpd Project Rc-Httpd | The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used. | 7.5 |
2022-04-01 | CVE-2021-32949 | Path Traversal vulnerability in Auvesy-Mdt Autosave and Autosave for System Platform | An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file. | 7.5 |
2022-03-31 | CVE-2022-26019 | Path Traversal vulnerability in Netgate Pfsense and Pfsense Plus | Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution. | 8.8 |
2022-03-30 | CVE-2022-23793 | Path Traversal vulnerability in Joomla Joomla! | An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. | 7.5 |