Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2019-12-13 CVE-2019-5251 Path Traversal vulnerability in Huawei products
There is a path traversal vulnerability in several Huawei smartphones.
local
low complexity
huawei CWE-22
5.5
2019-12-13 CVE-2019-16776 Path Traversal vulnerability in multiple products
Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write.
network
low complexity
npmjs opensuse oracle fedoraproject redhat CWE-22
8.1
2019-12-12 CVE-2019-13944 Path Traversal vulnerability in Siemens products
A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions).
network
low complexity
siemens CWE-22
5.3
2019-12-12 CVE-2019-16246 Path Traversal vulnerability in Intesync Solismed 3.3
Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931.
network
low complexity
intesync CWE-22
critical
9.8
2019-12-12 CVE-2019-15931 Path Traversal vulnerability in Intesync Solismed 3.3
Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246.
network
low complexity
intesync CWE-22
critical
9.8
2019-12-11 CVE-2019-19374 Path Traversal vulnerability in Squiz Matrix
An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists.
network
low complexity
squiz CWE-22
critical
9.1
2019-12-09 CVE-2019-19683 Path Traversal vulnerability in Nopcommerce 4.20
RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFilemanService.cs.
network
low complexity
nopcommerce CWE-22
critical
9.1
2019-12-09 CVE-2019-14251 Path Traversal vulnerability in Temenos T24 R15.01
An issue was discovered in T24 in TEMENOS Channels R15.01.
network
low complexity
temenos CWE-22
7.5
2019-12-05 CVE-2019-7195 Path Traversal vulnerability in Qnap Photo Station
This external control of file name or path vulnerability allows remote attackers to access or modify system files.
network
low complexity
qnap CWE-22
critical
9.8
2019-12-05 CVE-2019-7194 Path Traversal vulnerability in Qnap Photo Station
This external control of file name or path vulnerability allows remote attackers to access or modify system files.
network
low complexity
qnap CWE-22
critical
9.8