Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2021-05-05 CVE-2020-4993 Path Traversal vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks.
network
low complexity
ibm CWE-22
4.9
2021-05-05 CVE-2021-29100 Path Traversal vulnerability in Esri Arcgis Earth
A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input.
local
low complexity
esri CWE-22
7.8
2021-05-05 CVE-2021-31542 Path Traversal vulnerability in multiple products
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
network
low complexity
djangoproject debian fedoraproject CWE-22
7.5
2021-05-05 CVE-2021-29246 Path Traversal vulnerability in Btcpayserver Btcpay Server
BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution.
local
low complexity
btcpayserver CWE-22
6.7
2021-05-05 CVE-2021-31800 Path Traversal vulnerability in multiple products
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22.
network
low complexity
secureauth fedoraproject CWE-22
critical
9.8
2021-04-30 CVE-2020-4039 Path Traversal vulnerability in Fossasia Susi.Ai
SUSI.AI is an intelligent Open Source personal assistant.
network
low complexity
fossasia CWE-22
critical
9.1
2021-04-30 CVE-2021-28959 Path Traversal vulnerability in Zohocorp Manageengine Eventlog Analyzer
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive.
network
low complexity
zohocorp CWE-22
critical
9.8
2021-04-30 CVE-2020-18070 Path Traversal vulnerability in Idreamsoft Icms 7.0.13
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
network
low complexity
idreamsoft CWE-22
critical
9.1
2021-04-29 CVE-2021-30048 Path Traversal vulnerability in Novel Boutique House-Plus Project Novel Boutique House-Plus 3.5.1
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (?????-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.
network
low complexity
novel-boutique-house-plus-project CWE-22
5.3
2021-04-29 CVE-2021-20090 Path Traversal vulnerability in Buffalo products
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
network
low complexity
buffalo CWE-22
critical
9.8