Total
6519 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5614 | 1 Kujirahand | 1 Konawiki | 2024-08-04 | 5.3 Medium |
| Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2020-5590 | 1 Ec-cube | 1 Ec-cube | 2024-08-04 | 8.1 High |
| Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | ||||
| CVE-2020-5512 | 1 Gilacms | 1 Gila Cms | 2024-08-04 | 6.8 Medium |
| Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. | ||||
| CVE-2020-5513 | 1 Gilacms | 1 Gila Cms | 2024-08-04 | 6.8 Medium |
| Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. | ||||
| CVE-2020-5280 | 1 Typelevel | 1 Http4s | 2024-08-04 | 7.6 High |
| http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.19.0 is a deprecated release and has never been supported. | ||||
| CVE-2020-5187 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-08-04 | 8.8 High |
| DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | ||||
| CVE-2020-5284 | 1 Zeit | 1 Next.js | 2024-08-04 | 4.4 Medium |
| Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2. | ||||
| CVE-2020-5237 | 1 1up | 1 Oneupuploaderbundle | 2024-08-04 | 8.8 High |
| Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php. This is fixed in versions 1.9.3 and 2.1.5. | ||||
| CVE-2020-5221 | 1 Troglobit | 1 Uftpd | 2024-08-04 | 6.5 Medium |
| In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11 | ||||
| CVE-2020-5001 | 1 Ibm | 1 Financial Transaction Manager | 2024-08-04 | 4.3 Medium |
| IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953. | ||||
| CVE-2020-4053 | 1 Helm | 1 Helm | 2024-08-04 | 3.7 Low |
| In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4. | ||||
| CVE-2020-4039 | 1 Fossasia | 1 Susi.ai | 2024-08-04 | 8.6 High |
| SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved or deleted. | ||||
| CVE-2020-4000 | 1 Vmware | 1 Sd-wan Orchestrator | 2024-08-04 | 8.8 High |
| The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files. | ||||
| CVE-2020-3717 | 1 Magento | 1 Magento | 2024-08-04 | 5.3 Medium |
| Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have a path traversal vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2020-2278 | 1 Jenkins | 1 Storable Configs | 2024-08-04 | 6.5 Medium |
| Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the user-specified file name, allowing attackers with Job/Configure permission to replace any other '.xml' file on the Jenkins controller with a job config.xml file's content. | ||||
| CVE-2020-2275 | 1 Jenkins | 1 Copy Data To Workspace | 2024-08-04 | 6.5 Medium |
| Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit which directories can be copied from the Jenkins controller to job workspaces, allowing attackers with Job/Configure permission to read arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2277 | 1 Jenkins | 1 Storable Configs | 2024-08-04 | 6.5 Medium |
| Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/Read permission to read arbitrary files on the Jenkins controller. | ||||
| CVE-2020-2254 | 2 Jenkins, Redhat | 2 Blue Ocean, Openshift | 2024-08-04 | 6.5 Medium |
| Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented feature flag that, when enabled, allows an attacker with Job/Configure or Job/Create permission to read arbitrary files on the Jenkins controller file system. | ||||
| CVE-2020-2139 | 1 Jenkins | 1 Cobertura | 2024-08-04 | 6.5 Medium |
| An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 and earlier allows attackers able to control the coverage report file contents to overwrite any file on the Jenkins master file system. | ||||
| CVE-2020-1904 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-08-04 | 5.5 Medium |
| A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages. | ||||