Total
6516 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-12456 | 1 Mitel | 1 Mivoice Connect | 2024-08-04 | 8.8 High |
A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform directory traversal, and execute arbitrary scripts in the context of the Connect client. | ||||
CVE-2020-12447 | 1 Onkyo | 2 Tx-nr585, Tx-nr585 Firmware | 2024-08-04 | 7.5 High |
A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow. | ||||
CVE-2020-12392 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-08-04 | 5.5 Medium |
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | ||||
CVE-2020-12415 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-08-04 | 6.5 Medium |
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78. | ||||
CVE-2020-12315 | 1 Intel | 1 Endpoint Management Assistant | 2024-08-04 | 9.8 Critical |
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
CVE-2020-12128 | 1 File Transfer Ifamily Project | 1 File Transfer Ifamily | 2024-08-04 | 7.5 High |
DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. | ||||
CVE-2020-12265 | 1 Decompress Project | 1 Decompress | 2024-08-04 | 9.8 Critical |
The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal. | ||||
CVE-2020-12251 | 1 Gigamon | 1 Gigavue | 2024-08-04 | 2.2 Low |
An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine. | ||||
CVE-2020-12112 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-08-04 | 7.5 High |
BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion. | ||||
CVE-2020-12116 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-04 | 7.5 High |
Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. | ||||
CVE-2020-12003 | 1 Rockwellautomation | 2 Factorytalk Linx, Rslinx Classic | 2024-08-04 | 7.5 High |
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive. | ||||
CVE-2020-12102 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-08-04 | 7.7 High |
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope). | ||||
CVE-2020-12010 | 1 Advantech | 1 Webaccess | 2024-08-04 | 7.1 High |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. | ||||
CVE-2020-12103 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-08-04 | 7.7 High |
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored. | ||||
CVE-2020-12006 | 1 Advantech | 1 Webaccess | 2024-08-04 | 9.8 Critical |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | ||||
CVE-2020-12026 | 1 Advantech | 1 Webaccess | 2024-08-04 | 8.8 High |
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | ||||
CVE-2020-11763 | 7 Apple, Canonical, Debian and 4 more | 13 Icloud, Ipados, Iphone Os and 10 more | 2024-08-04 | 5.5 Medium |
An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp. | ||||
CVE-2020-11819 | 1 Rukovoditel | 1 Rukovoditel | 2024-08-04 | 9.8 Critical |
In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. | ||||
CVE-2020-11798 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2024-08-04 | 5.3 Medium |
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories. | ||||
CVE-2020-11738 | 1 Snapcreek | 1 Duplicator | 2024-08-04 | 7.5 High |
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init. |