Total
6518 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-10387 | 1 Chadhaajay | 1 Phpkb | 2024-08-04 | 4.9 Medium |
Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to download files from the server using a dot-dot-slash sequence (../) via the GET parameter file. | ||||
CVE-2020-10086 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 5.3 Medium |
GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read. | ||||
CVE-2020-10010 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-08-04 | 7.8 High |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. | ||||
CVE-2020-10014 | 1 Apple | 2 Mac Os X, Macos | 2024-08-04 | 6.3 Medium |
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox. | ||||
CVE-2020-9920 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-08-04 | 9.1 Critical |
A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files. | ||||
CVE-2020-9782 | 1 Apple | 1 Mac Os X | 2024-08-04 | 7.5 High |
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files. | ||||
CVE-2020-9689 | 1 Magento | 1 Magento | 2024-08-04 | 6.5 Medium |
Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
CVE-2020-9663 | 1 Adobe | 1 Adobe Reader | 2024-08-04 | 5.3 Medium |
Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure. | ||||
CVE-2020-9323 | 1 Aquaforest | 1 Tiff Server | 2024-08-04 | 5.3 Medium |
Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx. | ||||
CVE-2020-9354 | 1 Smartclient | 1 Smartclient | 2024-08-04 | 7.5 High |
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path traversal. | ||||
CVE-2020-9479 | 1 Apache | 1 Asterixdb | 2024-08-04 | 5.5 Medium |
When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d. Note: this CVE may be REJECTed as the issue did not affect any released versions of Apache AsterixDB | ||||
CVE-2020-9364 | 1 Creative-solutions | 1 Creative Contact Form | 2024-08-04 | 5.3 Medium |
An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email. | ||||
CVE-2020-9368 | 1 Oleacorner | 1 Olea Gift On Order | 2024-08-04 | 7.5 High |
The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal. | ||||
CVE-2020-9325 | 1 Aquaforest | 1 Tiff Server | 2024-08-04 | 7.5 High |
Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download. | ||||
CVE-2020-9252 | 1 Huawei | 8 Magic2, Magic2 Firmware, Mate 20 and 5 more | 2024-08-04 | 2.3 Low |
HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path. | ||||
CVE-2020-9033 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-08-04 | 6.5 Medium |
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. | ||||
CVE-2020-9106 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-08-04 | 4.6 Medium |
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure. | ||||
CVE-2020-8996 | 1 Aishu | 1 Anyshare Cloud | 2024-08-04 | 4.3 Medium |
AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the interface/downloadwithpath/downloadfile/?filepath=/etc/passwd URI. | ||||
CVE-2020-9029 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-08-04 | 6.5 Medium |
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php. | ||||
CVE-2020-9032 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-08-04 | 6.5 Medium |
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. |