Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2020-04-15 CVE-2020-3252 Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-22
6.5
2020-04-15 CVE-2020-3251 Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-22
8.8
2020-04-15 CVE-2020-3249 Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-22
7.5
2020-04-15 CVE-2020-3248 Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-22
critical
9.8
2020-04-15 CVE-2020-3247 Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-22
critical
9.8
2020-04-15 CVE-2020-3239 Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-22
8.8
2020-04-15 CVE-2020-3177 Path Traversal vulnerability in Cisco products
A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device.
network
low complexity
cisco CWE-22
7.5
2020-04-15 CVE-2020-10506 Path Traversal vulnerability in the School Manage System Project the School Manage System
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files.
network
low complexity
the-school-manage-system-project CWE-22
7.5
2020-04-14 CVE-2020-6225 Path Traversal vulnerability in SAP products
SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.
network
low complexity
sap CWE-22
8.8
2020-04-13 CVE-2020-11738 Path Traversal vulnerability in Snapcreek Duplicator
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
network
low complexity
snapcreek CWE-22
7.5