Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-41381 | Path Traversal vulnerability in Payara Micro Community Payara Micro Community 5.2021.6 and below allows Directory Traversal. | 7.5 |
| 2021-09-23 | CVE-2021-22005 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. | 9.8 |
| 2021-09-23 | CVE-2021-22013 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. | 7.5 |
| 2021-09-21 | CVE-2021-41087 | Path Traversal vulnerability in In-Toto In-Toto-Golang in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. | 6.5 |
| 2021-09-17 | CVE-2019-9060 | Path Traversal vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 An issue was discovered in CMS Made Simple 2.2.8. | 7.5 |
| 2021-09-16 | CVE-2021-27341 | Path Traversal vulnerability in Os4Ed Opensis 7.3/7.6 OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in DownloadWindow.php via the "filename" parameter. | 9.8 |
| 2021-09-15 | CVE-2021-33692 | Path Traversal vulnerability in SAP Cloud Connector 2.0 SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. | 7.5 |
| 2021-09-15 | CVE-2021-40964 | Path Traversal vulnerability in Tinyfilemanager Project Tinyfilemanager 2.4.6 A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer. | 6.5 |
| 2021-09-15 | CVE-2020-19146 | Path Traversal vulnerability in Jflyfox Jfinal CMS Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'. | 6.5 |
| 2021-09-15 | CVE-2020-19147 | Path Traversal vulnerability in Jflyfox Jfinal CMS Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'. | 6.5 |