Total
7147 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27534 | 1 Docker | 1 Docker | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | |||||
| CVE-2020-27514 | 1 Zrlog | 1 Zrlog | 2024-11-21 | N/A | 9.1 CRITICAL |
| Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS). | |||||
| CVE-2020-27467 | 1 Processwire | 1 Processwire | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php. | |||||
| CVE-2020-27385 | 1 Flexdotnetcms Project | 1 Flexdotnetcms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\<file> in the input field of the FileEditor. In FlexDotnetCMS before v1.5.8, it is also possible to access files by specifying the full path (e.g., C:\<file>). The files can then be edited via the FileEditor. | |||||
| CVE-2020-27304 | 2 Civetweb Project, Siemens | 2 Civetweb, Sinec Infrastructure Network Services | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal | |||||
| CVE-2020-27160 | 1 Westerndigital | 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). | |||||
| CVE-2020-27128 | 1 Cisco | 1 Sd-wan | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system. | |||||
| CVE-2020-26837 | 1 Sap | 1 Solution Manager | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable. | |||||
| CVE-2020-26806 | 1 Objectplanet | 1 Opinio | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code. | |||||
| CVE-2020-26650 | 1 Atomx | 1 Atomxcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php | |||||
| CVE-2020-26603 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020). | |||||
| CVE-2020-26405 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-26299 | 1 Ftp-srv Project | 1 Ftp-srv | 2024-11-21 | 5.5 MEDIUM | 6.3 MEDIUM |
| ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. When windows separators exist within the path (`\`), `path.resolve` leaves the upper pointers intact and allows the user to move beyond the root folder defined for that user. We did not take that into account when creating the path resolve function. The issue is patched in version 4.4.0 (commit 457b859450a37cba10ff3c431eb4aa67771122e3). | |||||
| CVE-2020-26295 | 1 Openmage | 1 Openmage | 2024-11-21 | 6.5 MEDIUM | 8.7 HIGH |
| OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved | |||||
| CVE-2020-26285 | 1 Openmage | 1 Openmage | 2024-11-21 | 6.5 MEDIUM | 8.7 HIGH |
| OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an executable file on the server. The latest OpenMage Versions up from 19.4.9 and 20.0.5 have this Issue solved | |||||
| CVE-2020-26279 | 1 Protocol | 1 Go-ipfs | 2024-11-21 | 5.5 MEDIUM | 7.7 HIGH |
| go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG. This is fixed in version 0.8.0-rc1. | |||||
| CVE-2020-26252 | 1 Openmage | 1 Openmage | 2024-11-21 | 6.5 MEDIUM | 8.7 HIGH |
| OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved. | |||||
| CVE-2020-26078 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. | |||||
| CVE-2020-26065 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. | |||||
| CVE-2020-26037 | 1 Evenbalance | 1 Punkbuster | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. | |||||