Total
6518 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-8227 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2024-08-04 | 6.8 Medium |
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | ||||
CVE-2020-8209 | 1 Citrix | 1 Xenmobile Server | 2024-08-04 | 7.5 High |
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to read arbitrary files. | ||||
CVE-2020-8159 | 2 Debian, Rubyonrails | 2 Debian Linux, Actionpack Page-caching | 2024-08-04 | 9.8 Critical |
There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. | ||||
CVE-2020-8144 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-08-04 | 8.4 High |
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the version field contains ..\ character sequences, the destination file path to save the firmware can be manipulated to be outside the intended destination directory tree. Fixed in UniFi Video Controller v3.10.3 and newer. | ||||
CVE-2020-8161 | 4 Canonical, Debian, Rack Project and 1 more | 5 Ubuntu Linux, Debian Linux, Rack and 2 more | 2024-08-04 | 8.6 High |
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure. | ||||
CVE-2020-8131 | 2 Redhat, Yarnpkg | 2 Quay, Yarn | 2024-08-04 | 7.5 High |
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem, potentially leading to arbitrary code execution, by forcing the user to install a malicious package. | ||||
CVE-2020-8009 | 1 Motu | 21 112d, 1248, 16a and 18 more | 2024-08-04 | 7.5 High |
AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file. | ||||
CVE-2020-7966 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 7.5 High |
GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. | ||||
CVE-2020-7882 | 2 Hancom, Microsoft | 2 Anysign4pc, Windows | 2024-08-04 | 7.5 High |
Using the parameter of the getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters (i.e. '../../../'). | ||||
CVE-2020-7858 | 2 Cdnetworks, Microsoft | 2 Aquanplayer, Windows | 2024-08-04 | 6.8 Medium |
There is a directory traversal vulnerability in the download page URL of AquaNPlayer 2.0.0.92. The IP of the download page URL is localhost and an attacker can traverse directories using "dot dot" sequences (../../) to view host file on the system. This vulnerability can cause information leakage. | ||||
CVE-2020-7861 | 2 Anysupport, Microsoft | 2 Anysupport, Windows | 2024-08-04 | 8.4 High |
AnySupport (Remote support solution) before 2019.3.21.0 allows directory traversal because of the swprintf function used to copy a file from a management PC to a client PC. This can lead to arbitrary file execution. | ||||
CVE-2020-7650 | 1 Synk | 1 Broker | 2024-08-04 | 6.5 Medium |
All versions of snyk-broker from 4.72.0 (inclusive) and before 4.73.1 are vulnerable to Arbitrary File Read. It allows users with access to Snyk's internal network to read arbitrary files ending in the following extensions: yaml, yml or json. | ||||
CVE-2020-7648 | 1 Synk | 1 Broker | 2024-08-04 | 6.5 Medium |
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json` | ||||
CVE-2020-7651 | 1 Synk | 1 Broker | 2024-08-04 | 4.3 Medium |
All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API. | ||||
CVE-2020-7652 | 1 Synk | 1 Broker | 2024-08-04 | 6.5 Medium |
All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. | ||||
CVE-2020-7473 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-08-04 | 7.5 High |
In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk. | ||||
CVE-2020-7647 | 1 Jooby | 1 Jooby | 2024-08-04 | 5.3 Medium |
All versions before 1.6.7 and all versions from 2.0.0 (inclusive) and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. | ||||
CVE-2020-7522 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2024-08-04 | 9.8 Critical |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. | ||||
CVE-2020-7535 | 1 Schneider-electric | 42 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 39 more | 2024-08-04 | 7.5 High |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. | ||||
CVE-2020-7521 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2024-08-04 | 9.8 Critical |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories. |