Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-10 | CVE-2021-41242 | Path Traversal vulnerability in Frentix Openolat OpenOlat is a web-based learning management system. | 8.1 |
2021-12-10 | CVE-2021-43815 | Path Traversal vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 4.3 |
2021-12-10 | CVE-2021-31746 | Path Traversal vulnerability in Pluck-Cms Pluck 4.7.15 Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution. | 9.8 |
2021-12-10 | CVE-2021-43813 | Path Traversal vulnerability in Grafana Grafana is an open-source platform for monitoring and observability. | 4.3 |
2021-12-09 | CVE-2021-41449 | Path Traversal vulnerability in Netgear Rax35 Firmware, Rax38 Firmware and Rax40 Firmware A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet. | 7.1 |
2021-12-08 | CVE-2021-25511 | Path Traversal vulnerability in Google Android 10.0/11.0/9.0 An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. | 7.8 |
2021-12-08 | CVE-2021-41024 | Path Traversal vulnerability in Fortinet Fortios and Fortiproxy A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page. | 7.5 |
2021-12-08 | CVE-2021-20040 | Path Traversal vulnerability in Sonicwall products A relative path traversal vulnerability in the SMA100 upload function allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. | 7.5 |
2021-12-08 | CVE-2021-44725 | Path Traversal vulnerability in Knime Server 4.12.5/4.13.3 KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. | 7.5 |
2021-12-07 | CVE-2021-43176 | Path Traversal vulnerability in Goautodial and Goautodial API The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. | 8.8 |