Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-05 | CVE-2020-29134 | Path Traversal vulnerability in Totvs Fluig 1.6.4/1.6.5/1.7.0 The TOTVS Fluig platform allows path traversal through the parameter "file = .. | 8.6 |
| 2021-03-04 | CVE-2021-26293 | Path Traversal vulnerability in Afterlogic Aurora and Webmail PRO An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. | 9.8 |
| 2021-03-04 | CVE-2021-26028 | Path Traversal vulnerability in Joomla Joomla! An issue was discovered in Joomla! 3.0.0 through 3.9.24. | 5.5 |
| 2021-03-02 | CVE-2021-21514 | Path Traversal vulnerability in Dell Openmanage Server Administrator Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. | 4.9 |
| 2021-03-01 | CVE-2021-22114 | Path Traversal vulnerability in VMWare Spring Integration ZIP Addresses partial fix in CVE-2018-1263. | 5.3 |
| 2021-03-01 | CVE-2021-25833 | Path Traversal vulnerability in Onlyoffice Document Server A file extension handling issue was found in [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. | 9.8 |
| 2021-03-01 | CVE-2020-9479 | Path Traversal vulnerability in Apache Asterixdb When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. | 5.5 |
| 2021-02-27 | CVE-2021-25282 | Path Traversal vulnerability in multiple products An issue was discovered in through SaltStack Salt before 3002.5. | 9.1 |
| 2021-02-24 | CVE-2021-21972 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. | 9.8 |
| 2021-02-24 | CVE-2021-20661 | Path Traversal vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0/6.00 Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | 8.1 |