Total
6515 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0226 | 1 Apache | 1 Karaf | 2024-08-04 | N/A |
| Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later. | ||||
| CVE-2019-0191 | 1 Apache | 1 Karaf | 2024-08-04 | N/A |
| Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted. | ||||
| CVE-2019-0194 | 2 Apache, Redhat | 2 Camel, Jboss Fuse | 2024-08-04 | N/A |
| Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected. | ||||
| CVE-2020-36629 | 1 Httpster Project | 1 Httpster | 2024-08-04 | 5.5 Medium |
| A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748. | ||||
| CVE-2020-36647 | 1 Yunohost | 1 Transmission Ynh | 2024-08-04 | 5.5 Medium |
| A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The patch is identified as f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability. | ||||
| CVE-2020-36651 | 1 Nodeserver Project | 1 Nodeserver | 2024-08-04 | 5.5 Medium |
| A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The identifier of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommended to apply a patch to fix this issue. The identifier VDB-218461 was assigned to this vulnerability. | ||||
| CVE-2020-36628 | 1 Android Processing Development Environment Project | 1 Android Processing Development Environment | 2024-08-04 | 5.5 Medium |
| A vulnerability classified as critical has been found in Calsign APDE. This affects the function handleExtract of the file APDE/src/main/java/com/calsignlabs/apde/build/dag/CopyBuildTask.java of the component ZIP File Handler. The manipulation leads to path traversal. Upgrading to version 0.5.2-pre2-alpha is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216747. | ||||
| CVE-2020-36561 | 1 Unzip Project | 1 Unzip | 2024-08-04 | 9.1 Critical |
| Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | ||||
| CVE-2020-36639 | 2 Alliedmods, Microsoft | 2 Amx Mod X, Windows | 2024-08-04 | 4.3 Medium |
| A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability. | ||||
| CVE-2020-36566 | 1 Tar-utils Project | 1 Tar-utils | 2024-08-04 | 9.1 Critical |
| Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | ||||
| CVE-2020-36559 | 1 Aahframework | 1 Aah | 2024-08-04 | 7.5 High |
| Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | ||||
| CVE-2020-36565 | 2 Labstack, Microsoft | 2 Echo, Windows | 2024-08-04 | 5.3 Medium |
| Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | ||||
| CVE-2020-36560 | 1 Go-unzip Project | 1 Go-unzip | 2024-08-04 | 9.1 Critical |
| Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | ||||
| CVE-2020-36488 | 1 Sky File Project | 1 Sky File | 2024-08-04 | 6.5 Medium |
| An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. | ||||
| CVE-2020-36364 | 1 Smartstore | 1 Smartstorenet | 2024-08-04 | 9.1 Critical |
| An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field. | ||||
| CVE-2020-36241 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Gnome-autoar, Enterprise Linux | 2024-08-04 | 5.5 Medium |
| autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | ||||
| CVE-2020-36314 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, File-roller, Enterprise Linux | 2024-08-04 | 3.9 Low |
| fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. | ||||
| CVE-2020-36142 | 1 Bloofox | 1 Bloofoxcms | 2024-08-04 | 6.5 Medium |
| BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter. | ||||
| CVE-2020-36193 | 5 Debian, Drupal, Fedoraproject and 2 more | 6 Debian Linux, Drupal, Fedora and 3 more | 2024-08-04 | 7.5 High |
| Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. | ||||
| CVE-2020-36052 | 1 1234n | 1 Minicms | 2024-08-04 | 9.8 Critical |
| Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter. | ||||