Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-10 | CVE-2018-18894 | Path Traversal vulnerability in Lexmark products Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. | 7.5 |
| 2020-03-09 | CVE-2020-2139 | Path Traversal vulnerability in Jenkins Cobertura An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. | 6.5 |
| 2020-03-09 | CVE-2020-1737 | Path Traversal vulnerability in Redhat Ansible Tower A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. | 7.8 |
| 2020-03-05 | CVE-2020-5405 | Path Traversal vulnerability in VMWare Spring Cloud Config Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. | 6.5 |
| 2020-03-04 | CVE-2020-9364 | Path Traversal vulnerability in Creative-Solutions Creative Contact Form 4.6.2 An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. | 5.3 |
| 2020-03-03 | CVE-2019-3696 | Path Traversal vulnerability in Opensuse PCP A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. | 7.3 |
| 2020-02-28 | CVE-2019-7007 | Path Traversal vulnerability in Avaya Aura Conferencing 9.0/9.1.9.0 A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier. | 8.6 |
| 2020-02-25 | CVE-2020-8810 | Path Traversal vulnerability in Gurux Device Language Message Specification Director 8.0.7/8.2.2002.1201/8.5.1803.0601 An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. | 8.1 |
| 2020-02-24 | CVE-2020-8131 | Path Traversal vulnerability in Yarnpkg Yarn Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. | 7.5 |
| 2020-02-24 | CVE-2020-5187 | Path Traversal vulnerability in Dnnsoftware Dotnetnuke DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | 8.8 |