Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-16 | CVE-2023-20229 | Path Traversal vulnerability in Cisco DUO Device Health Application A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This vulnerability is due to insufficient input validation. | 7.1 |
| 2023-08-16 | CVE-2020-26037 | Path Traversal vulnerability in Evenbalance Punkbuster 1.902 Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. | 9.8 |
| 2023-08-15 | CVE-2023-32003 | Path Traversal vulnerability in multiple products `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. | 5.3 |
| 2023-08-15 | CVE-2023-32004 | Path Traversal vulnerability in multiple products A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. | 8.8 |
| 2023-08-14 | CVE-2023-21268 | Path Traversal vulnerability in Google Android In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. | 5.5 |
| 2023-08-14 | CVE-2023-40274 | Path Traversal vulnerability in Getzola Zola An issue was discovered in zola 0.13.0 through 0.17.2. | 7.5 |
| 2023-08-11 | CVE-2020-27514 | Path Traversal vulnerability in Zrlog 2.1.5 Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS). | 9.1 |
| 2023-08-11 | CVE-2021-26504 | Path Traversal vulnerability in Dgtl Huemagic 3.0.0 Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js. | 7.5 |
| 2023-08-10 | CVE-2023-32563 | Path Traversal vulnerability in Ivanti Avalanche An unauthenticated attacker could achieve the code execution through a RemoteControl server. | 9.8 |
| 2023-08-10 | CVE-2023-39964 | Path Traversal vulnerability in Fit2Cloud 1Panel 1.4.3 1Panel is an open source Linux server operation and maintenance management panel. | 7.5 |