Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-17 | CVE-2020-13924 | Path Traversal vulnerability in Apache Ambari In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | 7.5 |
| 2021-03-15 | CVE-2020-29556 | Path Traversal vulnerability in Getgrav Grav CMS The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. | 5.5 |
| 2021-03-15 | CVE-2020-29555 | Path Traversal vulnerability in Getgrav Grav CMS The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. | 8.1 |
| 2021-03-15 | CVE-2021-23357 | Path Traversal vulnerability in TYK All versions of package github.com/tyktechnologies/tyk/gateway are vulnerable to Directory Traversal via the handleAddOrUpdateApi function. | 5.3 |
| 2021-03-10 | CVE-2020-5016 | Path Traversal vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2021-03-10 | CVE-2021-20669 | Path Traversal vulnerability in Weseek Growi Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL. | 4.7 |
| 2021-03-10 | CVE-2021-20668 | Path Traversal vulnerability in Weseek Growi Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read an arbitrary path via a specially crafted URL. | 2.7 |
| 2021-03-07 | CVE-2021-26294 | Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. | 7.5 |
| 2021-03-06 | CVE-2021-26814 | Path Traversal vulnerability in Wazuh Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. | 8.8 |
| 2021-03-05 | CVE-2021-28042 | Path Traversal vulnerability in Deutschepost Mailoptimizer 4.3 Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. | 7.8 |