Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-26 | CVE-2018-19856 | Path Traversal vulnerability in Gitlab GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. | 7.5 |
| 2019-03-25 | CVE-2019-3396 | Path Traversal vulnerability in Atlassian Confluence The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. | 9.8 |
| 2019-03-25 | CVE-2018-16858 | Path Traversal vulnerability in Libreoffice It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. | 9.8 |
| 2019-03-25 | CVE-2019-6240 | Path Traversal vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.4. | 7.5 |
| 2019-03-25 | CVE-2019-3482 | Path Traversal vulnerability in HP Arcsight Logger Mitigates a directory traversal issue in ArcSight Logger versions prior to 6.7. | 6.5 |
| 2019-03-24 | CVE-2019-9960 | Path Traversal vulnerability in Limesurvey The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | 9.8 |
| 2019-03-23 | CVE-2019-9948 | Path Traversal vulnerability in multiple products urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call. | 9.1 |
| 2019-03-22 | CVE-2019-9649 | Path Traversal vulnerability in Coreftp Core FTP 2.0 An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. | 5.3 |
| 2019-03-22 | CVE-2019-1765 | Path Traversal vulnerability in Cisco products A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. | 6.5 |
| 2019-03-22 | CVE-2019-9648 | Path Traversal vulnerability in Coreftp Core FTP 2.0 An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. | 5.3 |