Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2022-01-04 CVE-2021-40525 Path Traversal vulnerability in Apache James
The Apache James ManagedSieve implementation, together with the file storage for sieve scripts, is vulnerable to path traversal, allowing reading and writing any file.
network
low complexity
apache CWE-22
critical
9.1
2022-01-03 CVE-2021-37126 Path Traversal vulnerability in Huawei Harmonyos
Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successful exploitation of this vulnerability may cause the directory to be traversed.
network
low complexity
huawei CWE-22
7.5
2022-01-03 CVE-2021-37128 Path Traversal vulnerability in Huawei Harmonyos
HwPCAssistant has a Path Traversal vulnerability. Successful exploitation of this vulnerability may write any file.
network
low complexity
huawei CWE-22
critical
9.8
2022-01-03 CVE-2021-39970 Path Traversal vulnerability in Huawei Harmonyos
HwPCAssistant has an Improper Input Validation vulnerability. Successful exploitation of this vulnerability may create any file with the system app permission.
network
low complexity
huawei CWE-22
7.5
2022-01-03 CVE-2021-25020 Path Traversal vulnerability in Daan Complete Analytics Optimization Suite
The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin.
network
low complexity
daan CWE-22
4.9
2022-01-03 CVE-2021-25021 Path Traversal vulnerability in FFW Optimize MY Google Fonts
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin.
network
low complexity
ffw CWE-22
4.9
2022-01-03 CVE-2021-44674 Path Traversal vulnerability in Opmantek Open-Audit 4.2.0
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0.
network
low complexity
opmantek CWE-22
6.5
2021-12-30 CVE-2021-20133 Path Traversal vulnerability in Dlink Dir-2640-Us Firmware 1.01/1.01B04/1.11B02
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files.
low complexity
dlink CWE-22
6.1
2021-12-30 CVE-2021-20134 Path Traversal vulnerability in Dlink Dir-2640-Us Firmware 1.01/1.01B04/1.11B02
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra or ripd).
low complexity
dlink CWE-22
8.4
2021-12-30 CVE-2021-45427 Path Traversal vulnerability in Emerson Xweb300D EVO Firmware 3.0.7
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal.
network
low complexity
emerson CWE-22
critical
9.8