Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2020-04-02 CVE-2020-11491 Path Traversal vulnerability in Zevenet ZEN Load Balancer 3.10.1
Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.
network
low complexity
zevenet CWE-22
4.9
2020-04-01 CVE-2020-8144 Path Traversal vulnerability in UI Unifi Video
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree.
low complexity
ui CWE-22
8.4
2020-04-01 CVE-2020-11455 Path Traversal vulnerability in Limesurvey
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
network
low complexity
limesurvey CWE-22
critical
9.8
2020-03-31 CVE-2020-10696 Path Traversal vulnerability in multiple products
A path traversal flaw was found in Buildah in versions before 1.14.5.
network
low complexity
buildah-project redhat CWE-22
8.8
2020-03-31 CVE-2020-4240 Path Traversal vulnerability in IBM Spectrum Protect Plus
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2020-03-31 CVE-2020-11414 Path Traversal vulnerability in Telerik UI for Silverlight
An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330.
network
low complexity
telerik CWE-22
7.5
2020-03-30 CVE-2020-5284 Path Traversal vulnerability in Zeit Next.Js
Next.js versions before 9.3.2 have a directory traversal vulnerability.
network
low complexity
zeit CWE-22
4.3
2020-03-27 CVE-2020-10953 Path Traversal vulnerability in Gitlab
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.
network
low complexity
gitlab CWE-22
7.5
2020-03-27 CVE-2015-8535 Path Traversal vulnerability in Lenovo Solution Center 3.3.0001
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA.
local
low complexity
lenovo CWE-22
7.8
2020-03-25 CVE-2020-5280 Path Traversal vulnerability in Typelevel Http4S
http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability.
network
low complexity
typelevel CWE-22
7.5