Total: 6555 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5590 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | |||||
CVE-2020-5588 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors. | |||||
CVE-2020-5581 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors. | |||||
CVE-2020-5554 | 1 Shihonkanri Plus Goout Project | 1 Shihonkanri Plus Goout | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors. | |||||
CVE-2020-5513 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.8 MEDIUM | 6.8 MEDIUM |
Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. | |||||
CVE-2020-5512 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.8 MEDIUM | 6.8 MEDIUM |
Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. | |||||
CVE-2020-5410 | 1 Vmware | 1 Spring Cloud Config | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | |||||
CVE-2020-5405 | 1 Vmware | 1 Spring Cloud Config | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. | |||||
CVE-2020-5377 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station. | |||||
CVE-2020-5370 | 1 Dell | 1 Emc Openmanage Enterprise | 2024-11-21 | 6.0 MEDIUM | 7.9 HIGH |
Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions. | |||||
CVE-2020-5366 | 1 Dell | 2 Idrac9, Idrac9 Firmware | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to arbitrary files. | |||||
CVE-2020-5284 | 1 Zeit | 1 Next.js | 2024-11-21 | 5.0 MEDIUM | 4.4 MEDIUM |
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2. | |||||
CVE-2020-5280 | 1 Typelevel | 1 Http4s | 2024-11-21 | 5.0 MEDIUM | 7.6 HIGH |
http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.19.0 is a deprecated release and has never been supported. | |||||
CVE-2020-5237 | 1 1up | 1 Oneupuploaderbundle | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem (potentially leading to arbitrary code execution) via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex, (3) dzuuid, or (4) filename parameter to DropzoneController.php; the (5) qqpartindex, (6) qqfilename, or (7) qquuid parameter to FineUploaderController.php; the (8) x-file-id or (9) x-file-name parameter to MooUploadController.php; or the (10) name or (11) chunk parameter to PluploadController.php. This is fixed in versions 1.9.3 and 2.1.5. | |||||
CVE-2020-5221 | 1 Troglobit | 1 Uftpd | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11. | |||||
CVE-2020-5187 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2). | |||||
CVE-2020-5016 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556. | |||||
CVE-2020-5001 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953. | |||||
CVE-2020-4993 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM QRadar SIEM 7.3 and 7.4, when decompressing or verifying the signature of zip files, processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905. | |||||
CVE-2020-4934 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 191752. |