Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

DATE CVE VULNERABILITY TITLE RISK
2021-10-06 CVE-2021-25485 Path Traversal vulnerability in Google Android 10.0/11.0
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.
low complexity
google CWE-22
5.8
2021-10-06 CVE-2020-15941 Path Traversal vulnerability in Fortinet Forticlient Endpoint Management Server
A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
network
low complexity
fortinet CWE-22
5.5
2021-10-05 CVE-2021-41773 Path Traversal vulnerability in Apache Http Server 2.4.49
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49.
network
apache CWE-22
4.3
2021-10-04 CVE-2021-41578 Path Traversal vulnerability in Myscada Mydesigner
mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files.
network
myscada CWE-22
6.8
2021-10-04 CVE-2021-41579 Path Traversal vulnerability in Laquisscada Scada
LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal.
6.8
2021-10-04 CVE-2021-41103 Path Traversal vulnerability in Linuxfoundation Containerd
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.
local
low complexity
linuxfoundation CWE-22
7.2
2021-10-04 CVE-2021-41595 Path Traversal vulnerability in Salesagility Suitecrm
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal.
network
low complexity
salesagility CWE-22
5.0
2021-10-04 CVE-2021-41596 Path Traversal vulnerability in Salesagility Suitecrm
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal.
network
low complexity
salesagility CWE-22
5.0
2021-10-04 CVE-2021-21706 Path Traversal vulnerability in PHP
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
network
php CWE-22
4.3
2021-10-01 CVE-2021-40960 Path Traversal vulnerability in Galera Webtemplate 1.0
Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.
network
low complexity
galera CWE-22
7.5