Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-7270

Summary
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
Published At-10 Apr, 2017 | 03:00
Updated At-06 Aug, 2024 | 07:43
Rejected At-
Credits

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:certcc
Assigner Org ID:37e5125f-f79b-445b-8fad-9564f167944b
Published At:10 Apr, 2017 | 03:00
Updated At:06 Aug, 2024 | 07:43
Rejected At:
▼CVE Numbering Authority (CNA)

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

Affected Products
Vendor
n/a
Product
Dell Integrated Remote Access Controller (iDRAC)
Versions
Affected
  • Dell Integrated Remote Access Controller (iDRAC)
Problem Types
TypeCWE IDDescription
textN/Adirectory traversal
Type: text
CWE ID: N/A
Description: directory traversal
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/97521
vdb-entry
x_refsource_BID
http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/97521
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/97521
vdb-entry
x_refsource_BID
x_transferred
http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/97521
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cret@cert.org
Published At:10 Apr, 2017 | 03:59
Updated At:20 Apr, 2025 | 01:37

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Dell Inc.
dell
>>integrated_remote_access_controller_firmware>>Versions up to 2.20.20.20(inclusive)
cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>integrated_remote_access_controller_7>>-
cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>integrated_remote_access_controller_8>>-
cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*
Dell Inc.
dell
>>integrated_remote_access_controller_firmware>>Versions up to 1.99(inclusive)
cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>integrated_remote_access_controller_6>>-
cpe:2.3:h:dell:integrated_remote_access_controller_6:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://en.community.dell.com/techcenter/extras/m/white_papers/20441859cret@cert.org
Vendor Advisory
http://www.securityfocus.com/bid/97521cret@cert.org
Third Party Advisory
VDB Entry
http://en.community.dell.com/techcenter/extras/m/white_papers/20441859af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/97521af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
Source: cret@cert.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/97521
Source: cret@cert.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://en.community.dell.com/techcenter/extras/m/white_papers/20441859
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/97521
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

120Records found
CVE-2024-22226
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.3||LOW
EPSS-0.33% / 55.46%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 18:55
Updated-01 Aug, 2024 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.

Action-Not Available
Vendor-Dell Inc.
Product-unity_operating_environmentUnity
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-33937
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.75%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 19:25
Updated-16 May, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerability in the reporting function. A local, low privileged attacker could potentially exploit this vulnerability, to gain unauthorized delete access to the files stored on the server filesystem, with the privileges of the GeoDrive service: NT AUTHORITY\SYSTEM.

Action-Not Available
Vendor-Dell Inc.
Product-geodriveGeoDrive
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34426
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-1.77% / 81.87%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:40
Updated-16 May, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains an Improper Limitation of a Pathname to a Restricted Directory in goiscsi and gobrick libraries which could lead to OS command injection. A remote unauthenticated attacker could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34373
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.09% / 25.96%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 20:05
Updated-16 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system.

Action-Not Available
Vendor-Dell Inc.
Product-command_\|_integration_suite_for_system_centerCPG SW
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34365
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 61.81%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 16:31
Updated-16 Sep, 2024 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WMS 3.7 contains a Path Traversal Vulnerability in Device API. An attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34430
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.66%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 16:40
Updated-19 May, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CVE-2022-34429
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 16.44%
||
7 Day CHG~0.00%
Published-30 Sep, 2022 | 19:25
Updated-17 Sep, 2024 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability in UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

Action-Not Available
Vendor-Dell Inc.
Product-hybrid_clientDell Hybrid Client (DHC)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34375
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.25% / 47.86%
||
7 Day CHG~0.00%
Published-30 Aug, 2022 | 20:25
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

Action-Not Available
Vendor-Dell Inc.
Product-container_storage_modulesDell Container Storage Modules
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-4004
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.9||MEDIUM
EPSS-12.17% / 93.57%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.

Action-Not Available
Vendor-n/aDell Inc.
Product-openmanage_server_administratorn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-36286
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.35%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called Symbolic links. Symbolic links can be created by any(non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point allows for the exploitation. Support assist clean files functionality do not distinguish junction points from the physical folder and proceeds to clean the target of the junction that allows nonprivileged users to create junction points and delete arbitrary files on the system which can be accessed only by the admin.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_client_consumerSupportAssist Client Consumer
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-48660
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.99%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:51
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Action-Not Available
Vendor-Dell Inc.
Product-unisphere_for_powermax_virtual_appliancesolutions_enabler_virtual_appliancepowermax_os vApp Manger
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-29097
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-0.31% / 53.82%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 17:00
Updated-16 Sep, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-29094
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.35%
||
7 Day CHG~0.00%
Published-10 Jun, 2022 | 20:05
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist Client Consumer
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21569
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.8||MEDIUM
EPSS-0.85% / 73.99%
||
7 Day CHG~0.00%
Published-28 Sep, 2021 | 19:20
Updated-17 Sep, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.

Action-Not Available
Vendor-Dell Inc.
Product-emc_networkerNetWorker
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21514
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-6.08% / 90.40%
||
7 Day CHG~0.00%
Published-02 Mar, 2021 | 16:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_server_administratorDell Open Manage Server Administrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-21586
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-46.07% / 97.55%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 16:15
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-36
Absolute Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-44306
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-1.70% / 81.53%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 08:32
Updated-01 Oct, 2024 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem.

Action-Not Available
Vendor-Dell Inc.
Product-dm5500_firmwaredm5500Dell PowerProtect Data Manager DM5500 Appliance
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-44278
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.21%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 15:17
Updated-02 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain a path traversal vulnerability. A local high privileged attacker could potentially exploit this vulnerability, to gain unauthorized read and write access to the OS files stored on the server filesystem, with the privileges of the running application.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_data_domainpowerprotect_data_protectiondd9400dp5900apex_protection_storagepowerprotect_data_domain_management_centerdd6400emc_data_domain_osdd3300dd9900dd6900dp4400PowerProtect DD
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-3304
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.09% / 90.40%
||
7 Day CHG~0.00%
Published-30 Oct, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

Action-Not Available
Vendor-n/aDell Inc.
Product-equallogic_ps4000_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-43070
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.59%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 17:38
Updated-19 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_storage_softwareDell SmartFabric Storage Software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5366
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.30% / 52.42%
||
7 Day CHG~0.00%
Published-09 Jul, 2020 | 13:45
Updated-16 Sep, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac9Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5377
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-78.59% / 99.00%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:50
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_server_administratorDell Open Manage Server Administrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-29494
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.7||HIGH
EPSS-0.96% / 75.60%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-29495
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-15.49% / 94.40%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 21:10
Updated-16 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in Fitness Analyzer. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with high privileges. This vulnerability is considered critical as it can be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

Action-Not Available
Vendor-Dell Inc.
Product-emc_integrated_data_protection_applianceemc_avamar_serverAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-3737
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.42% / 61.03%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 22:28
Updated-16 Sep, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dell EMC Avamar Security Update for ADMe Web UI Vulnerability

Dell EMC Avamar ADMe Web Interface 1.0.50 and 1.0.51 are affected by an LFI vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application.

Action-Not Available
Vendor-Dell Inc.
Product-avamar_data_migration_enabler_web_interfaceAvamar
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-3720
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-4.9||MEDIUM
EPSS-5.15% / 89.48%
||
7 Day CHG~0.00%
Published-25 Apr, 2019 | 20:17
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directory Traversal Vulnerability

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient sanitization of input parameters.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_server_administratorOpen Manage System Administrator
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2012-1841
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.80% / 73.03%
||
7 Day CHG~0.00%
Published-22 Mar, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter.

Action-Not Available
Vendor-quantumn/aDell Inc.
Product-powervault_ml6000powervault_ml6000_firmwarescalar_i500powervault_ml6020scalar_i500_firmwarepowervault_ml6010powervault_ml6030n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-22479
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-3.5||LOW
EPSS-0.02% / 3.53%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 15:46
Updated-13 May, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Storage Center - Dell Storage Manager, version(s) 20.0.21, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection.

Action-Not Available
Vendor-Dell Inc.
Product-storage_managerDell Storage Center - Dell Storage Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-29093
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.35%
||
7 Day CHG~0.00%
Published-10 Jun, 2022 | 20:05
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_business_pcssupportassist_for_home_pcsSupportAssist Client Commercial
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1204
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.95% / 75.41%
||
7 Day CHG~0.00%
Published-26 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-emc_isilon_onefsIsilon OneFS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-1211
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-1.12% / 77.35%
||
7 Day CHG~0.00%
Published-23 Mar, 2018 | 14:00
Updated-16 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idrac8emc_idrac7iDRAC7/iDRAC8
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-8007
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-1.65% / 81.23%
||
7 Day CHG~0.00%
Published-22 Sep, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_m\&remc_storage_monitoring_and_reportingemc_vipr_srmemc_vnx_monitoring_and_reportingEMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-36288
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.6||HIGH
EPSS-0.67% / 70.48%
||
7 Day CHG~0.00%
Published-08 Apr, 2022 | 19:50
Updated-16 Sep, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files

Action-Not Available
Vendor-Dell Inc.
Product-vnxe1600vnx5600vnx5400vnx5800vnx_vg10emc_unity_operating_environmentvnx5200vnx_vg50vnx7600vnx8000VNX2
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-25944
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.7||MEDIUM
EPSS-0.40% / 59.75%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 16:30
Updated-04 Feb, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application.

Action-Not Available
Vendor-Dell Inc.
Product-openmanage_enterpriseDell OpenManage Enterprise
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-51534
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.09% / 26.66%
||
7 Day CHG+0.01%
Published-01 Feb, 2025 | 04:02
Updated-12 Feb, 2025 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauthorized overwrite of OS files stored on the server filesystem. Exploitation could lead to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-data_domain_operating_systemPowerProtect DD
CWE ID-CWE-29
Path Traversal: '\..\filename'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-34378
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.53%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 17:30
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5370
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.9||HIGH
EPSS-1.14% / 77.56%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:00
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions.

Action-Not Available
Vendor-Dell Inc.
Product-emc_openmanage_enterpriseOpenManage Enterprise
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-1737
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.44%
||
7 Day CHG+0.05%
Published-09 Mar, 2020 | 15:11
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10.

Action-Not Available
Vendor-Red Hat, Inc.
Product-ansible_engineansible_towerAnsible
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1087
Matching Score-4
Assigner-FreeBSD
ShareView Details
Matching Score-4
Assigner-FreeBSD
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.41%
||
7 Day CHG~0.00%
Published-16 Nov, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.

Action-Not Available
Vendor-FreeBSD Foundation
Product-freebsdFreeBSD
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-35861
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.31%
||
7 Day CHG~0.00%
Published-17 Jul, 2022 | 16:31
Updated-03 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.)

Action-Not Available
Vendor-pyenvn/a
Product-pyenvn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-10330
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.66%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-photo_stationSynology Photo Station
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-37367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.12% / 32.19%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 15:10
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands.

Action-Not Available
Vendor-ctparental_projectn/a
Product-ctparentaln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-37347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.45%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 11:30
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-nagios_xin/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2015-1322
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 4.29%
||
7 Day CHG~0.00%
Published-29 Apr, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).

Action-Not Available
Vendor-n/aUbuntuCanonical Ltd.
Product-ubuntu_linuxnetwork-managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-4683
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.05% / 15.83%
||
7 Day CHG~0.00%
Published-15 Nov, 2007 | 01:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-29088
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.86%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 09:45
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-diskstation_managerSynology DiskStation Manager (DSM)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-28541
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.20% / 42.36%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-updateSamsung Update
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2014-4910
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.30% / 52.97%
||
7 Day CHG~0.00%
Published-24 Jul, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.

Action-Not Available
Vendor-n/aX.Org Foundation
Product-xf86-video-inteln/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-1082
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 51.45%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1088.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2019windows_10windows_server_2016WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-11073
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.9||HIGH
EPSS-0.26% / 49.53%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 18:55
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in Autoswitch Python Virtualenv

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0

Action-Not Available
Vendor-autoswitch_python_virtualenv_projectMichaelAquilina
Product-autoswitch_python_virtualenvzsh-autoswitch-virtualenv
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found