Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-31 | CVE-2020-35883 | Path Traversal vulnerability in Mozwire Project Mozwire An issue was discovered in the mozwire crate through 2020-08-18 for Rust. | 9.1 |
| 2020-12-30 | CVE-2020-27534 | Path Traversal vulnerability in Docker util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | 5.3 |
| 2020-12-30 | CVE-2020-5811 | Path Traversal vulnerability in Umbraco CMS An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. | 6.5 |
| 2020-12-28 | CVE-2020-35612 | Path Traversal vulnerability in Joomla Joomla! An issue was discovered in Joomla! 2.5.0 through 3.9.22. | 7.5 |
| 2020-12-27 | CVE-2020-35736 | Path Traversal vulnerability in Liftoffsoftware Gateone 1.1 GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. | 7.5 |
| 2020-12-26 | CVE-2020-35362 | Path Traversal vulnerability in Dext5 Dext5Upload 2.7.1262310 DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. | 7.5 |
| 2020-12-26 | CVE-2020-35284 | Path Traversal vulnerability in Flamingoim Project Flamingoim 20200929 Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available. | 7.5 |
| 2020-12-25 | CVE-2020-35709 | Path Traversal vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. | 4.9 |
| 2020-12-24 | CVE-2020-28187 | Path Traversal vulnerability in Terra-Master TOS Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php. | 9.8 |
| 2020-12-24 | CVE-2020-2504 | Path Traversal vulnerability in Qnap QES If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. | 7.5 |