Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-23 | CVE-2021-29087 | Path Traversal vulnerability in Synology products: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to write arbitrary files via unspecified vectors. | 7.5 |
2021-06-18 | CVE-2021-31272 | Path Traversal vulnerability in Serenityos 20191230/20210127/20210327: SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation. | 9.8 |
2021-06-18 | CVE-2021-32954 | Path Traversal vulnerability in Advantech Webaccess/Scada: Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | 6.5 |
2021-06-18 | CVE-2021-33576 | Path Traversal vulnerability in Cleo Lexicom 5.5.0.0: An issue was discovered in Cleo LexiCom 5.5.0.0. | 9.8 |
2021-06-18 | CVE-2021-34553 | Path Traversal vulnerability in Sonatype Nexus Repository Manager: Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. | 4.3 |
2021-06-16 | CVE-2020-22200 | Path Traversal vulnerability in PHPcms 9.1.13: Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. | 5.3 |
2021-06-16 | CVE-2020-35762 | Path Traversal vulnerability in Bloofox Bloofoxcms 0.5.2.1: bloofoxCMS 0.5.2.1 is affected by a path traversal in the 'fileurl' parameter that allows attackers to read local files. | 2.7 |
2021-06-15 | CVE-2021-34129 | Path Traversal vulnerability in Laiketui 3.5.0: LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. | 8.1 |
2021-06-11 | CVE-2021-22762 | Path Traversal vulnerability in Schneider-Electric Interactive Graphical Scada System: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution when a malicious CGF or WSP file is being parsed by IGSS Definition. | 7.8 |
2021-06-11 | CVE-2021-24035 | Path Traversal vulnerability in Whatsapp: A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files. | 9.1 |