Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2020-11-18 CVE-2020-28574 Path Traversal vulnerability in Trendmicro Worry-Free Business Security 10.0
A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.
network
low complexity
trendmicro CWE-22
7.5
2020-11-18 CVE-2020-26078 Path Traversal vulnerability in Cisco IOT Field Network Director
A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system.
network
low complexity
cisco CWE-22
6.5
2020-11-17 CVE-2020-26405 Path Traversal vulnerability in Gitlab
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations.
network
low complexity
gitlab CWE-22
7.1
2020-11-17 CVE-2020-27553 Path Traversal vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921
In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“.
network
low complexity
basetech CWE-22
7.5
2020-11-16 CVE-2020-8271 Path Traversal vulnerability in Citrix Sd-Wan
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
network
low complexity
citrix CWE-22
critical
9.8
2020-11-12 CVE-2020-27385 Path Traversal vulnerability in Flexdotnetcms Project Flexdotnetcms
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root.
network
low complexity
flexdotnetcms-project CWE-22
8.1
2020-11-12 CVE-2020-12315 Path Traversal vulnerability in Intel Endpoint Management Assistant 1.3.1/1.3.2/1.3.2.1
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
network
low complexity
intel CWE-22
critical
9.8
2020-11-10 CVE-2020-25074 Path Traversal vulnerability in multiple products
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request.
network
low complexity
moinmo debian CWE-22
critical
9.8
2020-11-09 CVE-2020-14366 Path Traversal vulnerability in Redhat Keycloak
A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path.
network
low complexity
redhat CWE-22
7.5
2020-11-09 CVE-2020-24406 Path Traversal vulnerability in Magento
When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments.
network
high complexity
magento CWE-22
3.7