Total
6518 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7495 | 1 Schneider-electric | 1 Ecostruxure Operator Terminal Expert | 2024-08-04 | 5.5 Medium |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file. | ||||
| CVE-2020-7497 | 1 Schneider-electric | 1 Ecostruxure Operator Terminal Expert | 2024-08-04 | 9.8 Critical |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts. | ||||
| CVE-2020-7529 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2024-08-04 | 5.5 Medium |
| A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. | ||||
| CVE-2020-7494 | 1 Schneider-electric | 1 Ecostruxure Operator Terminal Expert | 2024-08-04 | 7.8 High |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. | ||||
| CVE-2020-7478 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-08-04 | 7.5 High |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled. | ||||
| CVE-2020-7268 | 1 Mcafee | 1 Email Gateway | 2024-08-04 | 4.3 Medium |
| Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. | ||||
| CVE-2020-7211 | 4 Libslirp Project, Microsoft, Qemu and 1 more | 4 Libslirp, Windows, Qemu and 1 more | 2024-08-04 | 7.5 High |
| tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. | ||||
| CVE-2020-7246 | 1 Qdpm | 1 Qdpm | 2024-08-04 | 8.8 High |
| A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884. | ||||
| CVE-2020-7008 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2024-08-04 | 7.5 High |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources. | ||||
| CVE-2020-6974 | 1 Honeywell | 1 Notifier Webserver | 2024-08-04 | 9.8 Critical |
| Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. Honeywell has released a firmware update to address the problem. | ||||
| CVE-2020-6950 | 3 Eclipse, Oracle, Redhat | 14 Mojarra, Banking Enterprise Default Management, Banking Platform and 11 more | 2024-08-04 | 6.5 Medium |
| Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. | ||||
| CVE-2020-6828 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2024-08-04 | 7.5 High |
| A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7. | ||||
| CVE-2020-6754 | 1 Dotcms | 1 Dotcms | 2024-08-04 | 9.8 Critical |
| dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application). | ||||
| CVE-2020-6286 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-04 | 5.3 Medium |
| The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal. | ||||
| CVE-2020-6225 | 1 Sap | 2 Netweaver Knowledge Management And Collaboration \(kmc-cm\), Netweaver Knowledge Management And Collaboration \(kmc-wpc\) | 2024-08-04 | 8.8 High |
| SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal. | ||||
| CVE-2020-6203 | 1 Sap | 1 Netweaver | 2024-08-04 | 9.1 Critical |
| SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs, leading to Path Traversal. | ||||
| CVE-2020-6142 | 1 Os4ed | 1 Opensis | 2024-08-04 | 9.8 Critical |
| A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6109 | 1 Zoom | 1 Zoom | 2024-08-04 | 9.8 Critical |
| An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability. | ||||
| CVE-2020-6110 | 1 Zoom | 1 Zoom | 2024-08-04 | 8.8 High |
| An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required. | ||||
| CVE-2020-5902 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-08-04 | 9.8 Critical |
| In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | ||||