Total
6517 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25133 | 1 Observium | 1 Observium | 2024-08-04 | 8.8 High |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php. | ||||
| CVE-2020-25149 | 1 Observium | 1 Observium | 2024-08-04 | 8.8 High |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php. | ||||
| CVE-2020-25144 | 1 Observium | 1 Observium | 2024-08-04 | 8.8 High |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs. | ||||
| CVE-2020-25136 | 1 Observium | 1 Observium | 2024-08-04 | 8.8 High |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php. | ||||
| CVE-2020-25150 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-08-04 | 7.6 High |
| A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. | ||||
| CVE-2020-25134 | 1 Observium | 1 Observium | 2024-08-04 | 8.8 High |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php. | ||||
| CVE-2020-25068 | 1 Setelsa-security | 1 Conacwin | 2024-08-04 | 7.5 High |
| Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI. NOTE: The manufacturer indicated that the affected version does not exist. Furthermore, they indicated that they detected this problem in an internal audit more than 3 years ago and fixed it in 2017. | ||||
| CVE-2020-25074 | 2 Debian, Moinmo | 2 Debian Linux, Moinmoin | 2024-08-04 | 9.8 Critical |
| The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. | ||||
| CVE-2020-25032 | 3 Debian, Flask-cors Project, Opensuse | 4 Debian Linux, Flask-cors, Backports Sle and 1 more | 2024-08-04 | 7.5 High |
| An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. | ||||
| CVE-2020-24990 | 1 Qsc | 1 Q-sys Core Manager | 2024-08-04 | 7.5 High |
| An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version. | ||||
| CVE-2020-24855 | 1 Easyjs | 1 Easywebpack-cli | 2024-08-04 | 5.3 Medium |
| Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request. | ||||
| CVE-2020-24742 | 1 Qt | 1 Qt | 2024-08-04 | 7.8 High |
| An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. | ||||
| CVE-2020-24626 | 1 Hpe | 1 Utility Computing Service Meter | 2024-08-04 | 9.8 Critical |
| Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | ||||
| CVE-2020-24621 | 1 Openmrs | 1 Htmlformentry | 2024-08-04 | 8.8 High |
| A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed. | ||||
| CVE-2020-24624 | 1 Hpe | 1 Utility Computing Service Meter | 2024-08-04 | 7.5 High |
| Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | ||||
| CVE-2020-24625 | 1 Hpe | 1 Utility Computing Service Meter | 2024-08-04 | 7.5 High |
| Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | ||||
| CVE-2020-24571 | 1 Nexusdb | 1 Nexusdb | 2024-08-04 | 7.5 High |
| NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. | ||||
| CVE-2020-24368 | 3 Debian, Icinga, Suse | 4 Debian Linux, Icinga Web 2, Linux Enterprise and 1 more | 2024-08-04 | 7.5 High |
| Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2. | ||||
| CVE-2020-24332 | 3 Fedoraproject, Redhat, Trustedcomputinggroup | 3 Fedora, Enterprise Linux, Trousers | 2024-08-04 | 5.5 Medium |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. | ||||
| CVE-2020-24219 | 1 Szuray | 95 Iptv\/h.264 Video Encoder Firmware, Iptv\/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more | 2024-08-04 | 7.5 High |
| An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password. | ||||