Total: 5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10038 | 1 Evernote | 1 Evernote | 2020-05-11 | 4.4 MEDIUM | 7.8 HIGH |
| Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file. | |||||
| CVE-2018-20058 | 1 Evernote | 1 Evernote | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. | |||||
| CVE-2020-12448 | 1 Gitlab | 1 Gitlab | 2020-05-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet. | |||||
| CVE-2020-12447 | 1 Onkyo | 2 Tx-nr585, Tx-nr585 Firmware | 2020-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow. | |||||
| CVE-2019-19102 | 1 Br-automation | 1 Automation Studio | 2020-05-08 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allows unauthenticated users to write to certain local directories. The vulnerability is also known as zip slip. | |||||
| CVE-2020-12475 | 1 Tp-link | 1 Omada Controller | 2020-05-08 | 2.1 LOW | 5.5 MEDIUM |
| TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | |||||
| CVE-2020-4209 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2020-05-08 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. | |||||
| CVE-2020-4430 | 1 Ibm | 1 Data Risk Manager | 2020-05-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | |||||
| CVE-2020-12649 | 1 Gurbalib Project | 1 Gurbalib | 2020-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. | |||||
| CVE-2018-19328 | 1 Laobancms | 1 Laobancms | 2020-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. | |||||
| CVE-2020-12443 | 1 Bigbluebutton | 1 Bigbluebutton | 2020-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is case-insensitive. | |||||
| CVE-2018-11235 | 5 Canonical, Debian, Git-scm and 2 more | 9 Ubuntu Linux, Debian Linux, Git and 6 more | 2020-05-01 | 6.8 MEDIUM | 7.8 HIGH |
| In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | |||||
| CVE-2020-12479 | 1 Teampass | 1 Teampass | 2020-05-01 | 6.5 MEDIUM | 8.8 HIGH |
| TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | |||||
| CVE-2020-12128 | 1 File Transfer Ifamily Project | 1 File Transfer Ifamily | 2020-04-30 | 5.0 MEDIUM | 7.5 HIGH |
| DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. | |||||
| CVE-2020-10506 | 1 The School Manage System Project | 1 The School Manage System | 2020-04-30 | 5.0 MEDIUM | 7.5 HIGH |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files. | |||||
| CVE-2016-1000112 | 1 Contussupport | 1 Contus-video-comments | 2020-04-29 | 9.4 HIGH | 9.1 CRITICAL |
| Unauthenticated remote .jpg file upload in contus-video-comments v1.0 WordPress plugin. | |||||
| CVE-2020-3177 | 1 Cisco | 2 Unified Communications Manager, Unified Contact Center Express | 2020-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system. | |||||
| CVE-2020-1699 | 2 Linuxfoundation, Redhat | 2 Ceph, Ceph Storage | 2020-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard. | |||||
| CVE-2017-2245 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2020-04-23 | 4.0 MEDIUM | 5.0 MEDIUM |
| Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-18824 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-23 | 2.1 LOW | 3.3 LOW |
| Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
