Total
7155 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6767 | 1 Bosch | 5 Divar Ip 3000, Divar Ip 7000, Divar Ip All-in-one 5000 and 2 more | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files from the Central Server. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch BVMS Viewer versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable BVMS version is installed. | |||||
| CVE-2020-6754 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application). | |||||
| CVE-2020-6286 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal. | |||||
| CVE-2020-6225 | 1 Sap | 2 Netweaver Knowledge Management And Collaboration \(kmc-cm\), Netweaver Knowledge Management And Collaboration \(kmc-wpc\) | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal. | |||||
| CVE-2020-6203 | 1 Sap | 1 Netweaver | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal. | |||||
| CVE-2020-6142 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6110 | 1 Zoom | 1 Zoom | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required. | |||||
| CVE-2020-6109 | 1 Zoom | 1 Zoom | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability. | |||||
| CVE-2020-5840 | 1 Hashbrowncms | 1 Hashbrown Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field. | |||||
| CVE-2020-5834 | 1 Symantec | 1 Endpoint Protection Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. | |||||
| CVE-2020-5811 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. | |||||
| CVE-2020-5804 | 1 Marvell | 1 Qconvergeconslole Gui | 2024-11-21 | 8.5 HIGH | 8.1 HIGH |
| Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root. | |||||
| CVE-2020-5803 | 1 Marvell | 1 Qconvergeconsole | 2024-11-21 | 8.5 HIGH | 8.1 HIGH |
| Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. | |||||
| CVE-2020-5789 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. | |||||
| CVE-2020-5788 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 8.5 HIGH | 6.5 MEDIUM |
| Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action. | |||||
| CVE-2020-5787 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 8.5 HIGH | 6.5 MEDIUM |
| Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action. | |||||
| CVE-2020-5764 | 1 Mxplayer | 1 Mx Player | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended "/sdcard/MXshare" directory. In some instances, an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application. | |||||
| CVE-2020-5752 | 1 Druva | 1 Insync Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. | |||||
| CVE-2020-5744 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticated attacker to read the contents of arbitrary files on disk. | |||||
| CVE-2020-5720 | 1 Mikrotik | 1 Winbox | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerability that allows creation of arbitrary files wherevere WinBox has write permissions. WinBox is vulnerable to this attack if it connects to a malicious endpoint or if an attacker mounts a man in the middle attack. | |||||