Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-29 | CVE-2021-25124 | Path Traversal vulnerability in HPE products. The Baseboard Management Controller (BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local spx_restservice deletevideo_func function path traversal vulnerability. | 7.8 |
2021-01-29 | CVE-2021-3341 | Path Traversal vulnerability in Dh2I Dxenterprise and Dxodyssey. A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request. | 7.5 |
2021-01-27 | CVE-2020-4789 | Path Traversal vulnerability in IBM Qradar Security Information and Event Manager. IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. | 6.5 |
2021-01-27 | CVE-2021-25311 | Path Traversal vulnerability in Wisc Htcondor. condor_credd in HTCondor before 8.9.11 allows Directory Traversal outside the SEC_CREDENTIAL_DIRECTORY_OAUTH directory, as demonstrated by creating a file under /etc that will later be executed by root. | 9.9 |
2021-01-26 | CVE-2021-3223 | Path Traversal vulnerability in Nodered Node-Red-Dashboard. Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. | 7.5 |
2021-01-26 | CVE-2021-3199 | Path Traversal vulnerability in Onlyoffice Document Server. Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. | 9.8 |
2021-01-26 | CVE-2021-3152 | Path Traversal vulnerability in Home-Assistant. Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. | 5.3 |
2021-01-26 | CVE-2021-25864 | Path Traversal vulnerability in Dgtl Huemagic 3.0.0. node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file. | 7.5 |
2021-01-26 | CVE-2020-23161 | Path Traversal vulnerability in Pyres Termod4 Firmware. Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL. | 6.5 |
2021-01-21 | CVE-2020-8570 | Path Traversal vulnerability in Kubernetes Java. Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. | 9.1 |