Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-04 | CVE-2020-4209 | Path Traversal vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. | 5.4 |
| 2020-05-04 | CVE-2020-12475 | Path Traversal vulnerability in Tp-Link Omada Controller 3.2.6 TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | 5.5 |
| 2020-05-04 | CVE-2020-1631 | Path Traversal vulnerability in Juniper Junos A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform local file inclusion (LFI) or path traversal. | 9.8 |
| 2020-04-30 | CVE-2020-11652 | Path Traversal vulnerability in multiple products An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. | 6.5 |
| 2020-04-30 | CVE-2020-10691 | Path Traversal vulnerability in Redhat Ansible Engine and Ansible Tower An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. | 5.2 |
| 2020-04-29 | CVE-2020-12479 | Path Traversal vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | 8.8 |
| 2020-04-29 | CVE-2020-12251 | Path Traversal vulnerability in Gigamon Gigavue An issue was discovered in Gigamon GigaVUE 5.5.01.11. | 2.2 |
| 2020-04-29 | CVE-2020-12447 | Path Traversal vulnerability in Onkyo Tx-Nr585 Firmware 1000000000000080000 A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow. | 7.5 |
| 2020-04-29 | CVE-2019-19102 | Path Traversal vulnerability in Br-Automation Automation Studio A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allow unauthenticated users to write to certain local directories. | 7.5 |
| 2020-04-29 | CVE-2020-12443 | Path Traversal vulnerability in Bigbluebutton BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. | 9.8 |