Total: 8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5554 | 1 Shihonkanri Plus Goout Project | 1 Shihonkanri Plus Goout | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors.
|
|||||
| CVE-2020-5513 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.8 MEDIUM | 6.8 MEDIUM |
|
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal.
|
|||||
| CVE-2020-5512 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.8 MEDIUM | 6.8 MEDIUM |
|
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal.
|
|||||
| CVE-2020-5405 | 1 Vmware | 1 Spring Cloud Config | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
|
|||||
| CVE-2020-5377 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.
|
|||||
| CVE-2020-5370 | 1 Dell | 1 Emc Openmanage Enterprise | 2024-11-21 | 6.0 MEDIUM | 7.9 HIGH |
|
Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions.
|
|||||
| CVE-2020-5366 | 1 Dell | 2 Idrac9, Idrac9 Firmware | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
|
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to arbitrary files.
|
|||||
| CVE-2020-5284 | 1 Zeit | 1 Next.js | 2024-11-21 | 5.0 MEDIUM | 4.4 MEDIUM |
|
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.
|
|||||
| CVE-2020-5280 | 1 Typelevel | 1 Http4s | 2024-11-21 | 5.0 MEDIUM | 7.6 HIGH |
|
http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.1 ...
|
|||||
| CVE-2020-5237 | 1 1up | 1 Oneupuploaderbundle | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name p ...
|
|||||
| CVE-2020-5221 | 1 Troglobit | 1 Uftpd | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11.
|
|||||
| CVE-2020-5187 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).
|
|||||
| CVE-2020-5016 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556.
|
|||||
| CVE-2020-5001 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
|
IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953.
|
|||||
| CVE-2020-4993 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905.
|
|||||
| CVE-2020-4934 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752.
|
|||||
| CVE-2020-4789 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302.
|
|||||
| CVE-2020-4782 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
|
|||||
| CVE-2020-4776 | 1 Ibm | 1 Curam Social Program Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in a URL request to view arbitrary files on the system. IBM X-Force ID: 189154.
|
|||||
| CVE-2020-4711 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 187501.
|
|||||
| CVE-2020-4272 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 175898.
|
|||||
| CVE-2020-4240 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417.
|
|||||
| CVE-2020-4209 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019.
|
|||||
| CVE-2020-4053 | 1 Helm | 1 Helm | 2024-11-21 | 8.5 HIGH | 3.7 LOW |
|
In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.
|
|||||
| CVE-2020-4039 | 1 Fossasia | 1 Susi.ai | 2024-11-21 | 6.4 MEDIUM | 8.6 HIGH |
|
SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved or deleted.
|
|||||
| CVE-2020-4000 | 1 Vmware | 1 Sd-wan Orchestrator | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traverse directories, which may lead to code execution of files.
|
|||||
| CVE-2020-3717 | 1 Magento | 1 Magento | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
|||||
| CVE-2020-3597 | 1 Cisco | 1 Nexus Data Broker | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of configuration backup files. An attacker could exploit this vulnerability by persuading an administrator to restore a crafted configuration backup file. A successful exploit could allow the attacker to overwrite arbitrary files that are accessibl ...
|
|||||
| CVE-2020-3588 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sendi ...
|
|||||
| CVE-2020-3490 | 1 Cisco | 1 Vision Dynamic Signage Director | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory trave ...
|
|||||
| CVE-2020-3440 | 1 Cisco | 1 Webex Meetings | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. The vulnerability is due to improper validation of URL parameters that are sent from a website to the affected application. An attacker could exploit this vulnerability by persuading a user to follow a URL to a website that is designed to submit crafted input to the affected application. A successful exploit could allow the attacker t ...
|
|||||
| CVE-2020-3401 | 1 Cisco | 12 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 9 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the atta ...
|
|||||
| CVE-2020-3383 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privile ...
|
|||||
| CVE-2020-3381 | 1 Cisco | 5 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbi ...
|
|||||
| CVE-2020-3365 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in the directory permissions of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a directory traversal attack on a limited set of restricted directories. The vulnerability is due to a flaw in the logic that governs directory permissions. An attacker could exploit this vulnerability by using capabilities that are not controlled by the role-based access control (RBAC) mechanisms of the software. A successful exploit could ...
|
|||||
| CVE-2020-3252 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2020-3251 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2020-3249 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2020-3248 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2020-3247 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||