Total
7155 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8463 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths. | |||||
| CVE-2020-8446 | 1 Ossec | 1 Ossec | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user. | |||||
| CVE-2020-8271 | 1 Citrix | 1 Sd-wan | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | |||||
| CVE-2020-8254 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC. | |||||
| CVE-2020-8227 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2024-11-21 | 7.1 HIGH | 6.8 MEDIUM |
| Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | |||||
| CVE-2020-8222 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated attacker via the administrator web interface to perform an arbitrary file reading vulnerability through Meeting. | |||||
| CVE-2020-8221 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated attacker to read arbitrary files via the administrator web interface. | |||||
| CVE-2020-8214 | 1 Servey Project | 1 Servey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbitrary file. | |||||
| CVE-2020-8209 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files. | |||||
| CVE-2020-8161 | 3 Canonical, Debian, Rack Project | 3 Ubuntu Linux, Debian Linux, Rack | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure. | |||||
| CVE-2020-8159 | 2 Debian, Rubyonrails | 2 Debian Linux, Actionpack Page-caching | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. | |||||
| CVE-2020-8144 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-11-21 | 5.2 MEDIUM | 8.4 HIGH |
| The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the version field contains ..\ character sequences, the destination file path to save the firmware can be manipulated to be outside the intended destination directory tree. Fixed in UniFi Video Controller v3.10.3 and newer. | |||||
| CVE-2020-8131 | 1 Yarnpkg | 1 Yarn | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
| Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. | |||||
| CVE-2020-8009 | 1 Motu | 21 112d, 1248, 16a and 18 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file. | |||||
| CVE-2020-7966 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | |||||
| CVE-2020-7882 | 2 Hancom, Microsoft | 2 Anysign4pc, Windows | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../') | |||||
| CVE-2020-7861 | 2 Anysupport, Microsoft | 2 Anysupport, Windows | 2024-11-21 | 7.5 HIGH | 8.4 HIGH |
| AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversing because of swprintf function to copy file from a management PC to a client PC. This can be lead to arbitrary file execution. | |||||
| CVE-2020-7858 | 2 Cdnetworks, Microsoft | 2 Aquanplayer, Windows | 2024-11-21 | 5.0 MEDIUM | 6.8 MEDIUM |
| There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage. | |||||
| CVE-2020-7790 | 1 Spatie | 1 Browsershot | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF. | |||||
| CVE-2020-7763 | 1 Jsreport | 1 Phantom-html-to-pdf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package phantom-html-to-pdf before 0.6.1. | |||||