Filtered by CWE-22
Total 6517 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-14366 1 Redhat 2 Jboss Single Sign On, Keycloak 2024-08-04 6.8 Medium
A vulnerability was found in Keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the URL path to the file path. Only a few specific folder hierarchies can be exposed by this flaw.
CVE-2020-14367 3 Canonical, Fedoraproject, Tuxfamily 3 Ubuntu Linux, Fedora, Chrony 2024-08-04 6.0 Medium
A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.
CVE-2020-14352 3 Fedoraproject, Opensuse, Redhat 7 Fedora, Backports Sle, Leap and 4 more 2024-08-04 8.0 High
A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.
CVE-2020-14028 1 Ozeki 1 Ozeki Ng Sms Gateway 2024-08-04 7.2 High
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges.
CVE-2020-13924 1 Apache 1 Ambari 2024-08-04 7.5 High
In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.
CVE-2020-13886 1 Intelbras 6 Tip200, Tip200 Firmware, Tip200lite and 3 more 2024-08-04 5.3 Medium
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.
CVE-2020-13792 1 Playtube 1 Playtube 2024-08-04 4.3 Medium
PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion.
CVE-2020-13795 1 Naviwebs 1 Navigate Cms 2024-08-04 5.3 Medium
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.
CVE-2020-13836 1 Google 1 Android 2024-08-04 7.5 High
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).
CVE-2020-13818 1 Zohocorp 1 Manageengine Opmanager 2024-08-04 7.5 High
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
CVE-2020-13550 1 Advantech 1 Webaccess/scada 2024-08-04 7.7 High
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.
CVE-2020-13449 1 Thecodingmachine 1 Gotenberg 2024-08-04 7.5 High
A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files.
CVE-2020-13450 1 Thecodingmachine 1 Gotenberg 2024-08-04 9.8 Critical
A directory traversal vulnerability in the file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution.
CVE-2020-13419 1 Openiam 1 Openiam 2024-08-04 5.3 Medium
OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.
CVE-2020-13377 1 Loadbalancer 1 Enterprise Va Max 2024-08-04 8.1 High
The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files.
CVE-2020-13376 1 Securenvoy 1 Securmail 2024-08-04 9.0 Critical
SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie.
CVE-2020-13383 1 Os4ed 1 Opensis 2024-08-04 7.5 High
openSIS through 7.4 allows Directory Traversal.
CVE-2020-13347 1 Gitlab 1 Gitlab 2024-08-04 9.1 Critical
A command injection vulnerability was discovered in GitLab Runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, the attacker can run arbitrary commands on the Windows host via the DOCKER_AUTH_CONFIG build variable.
CVE-2020-13355 1 Gitlab 1 Gitlab 2024-08-04 7.5 High
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal was found in LFS Upload that allows an attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.
CVE-2020-13227 1 Sysax 1 Multi Server 2024-08-04 5.3 Medium
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism.