Total: 5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5284 | 1 Zeit | 1 Next.js | 2020-04-01 | 5.0 MEDIUM | 4.3 MEDIUM |
| Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2. | |||||
| CVE-2020-10696 | 2 Buildah Project, Redhat | 3 Buildah, Enterprise Linux, Openshift Container Platform | 2020-04-01 | 9.3 HIGH | 8.8 HIGH |
| A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. | |||||
| CVE-2020-4240 | 1 Ibm | 1 Spectrum Protect Plus | 2020-03-31 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417. | |||||
| CVE-2020-10953 | 1 Gitlab | 1 Gitlab | 2020-03-31 | 5.0 MEDIUM | 7.5 HIGH |
| In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. | |||||
| CVE-2015-8535 | 1 Lenovo | 1 Solution Center | 2020-03-31 | 7.2 HIGH | 7.8 HIGH |
| MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges. | |||||
| CVE-2020-5280 | 1 Typelevel | 1 Http4s | 2020-03-30 | 5.0 MEDIUM | 7.5 HIGH |
| http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expose resources outside of the configured location. This issue is patched in versions 0.18.26, 0.20.20, and 0.21.2. Note that 0.19.0 is a deprecated release and has never been supported. | |||||
| CVE-2020-5554 | 1 Shihonkanri Plus Goout Project | 1 Shihonkanri Plus Goout | 2020-03-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors. | |||||
| CVE-2019-14751 | 1 Nltk | 1 Nltk | 2020-03-27 | 5.0 MEDIUM | 7.5 HIGH |
| NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction. | |||||
| CVE-2002-2154 | 1 Monkey-project | 1 Monkey | 2020-03-26 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences. | |||||
| CVE-2014-6037 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2020-03-26 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072. | |||||
| CVE-2020-10875 | 1 Zebra | 2 Fx9500, Fx9500 Firmware | 2020-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. | |||||
| CVE-2019-19486 | 1 Centreon | 1 Centreon | 2020-03-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. | |||||
| CVE-2020-8131 | 1 Yarnpkg | 1 Yarn | 2020-03-24 | 5.1 MEDIUM | 7.5 HIGH |
| Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. | |||||
| CVE-2019-3696 | 2 Opensuse, Suse | 5 Leap, Pcp, Linux Enterprise High Performance Computing and 2 more | 2020-03-24 | 4.4 MEDIUM | 7.3 HIGH |
| An Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1. | |||||
| CVE-2019-16064 | 1 Netsas | 1 Enigma Network Management Solution | 2020-03-23 | 5.5 MEDIUM | 9.6 CRITICAL |
| NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory contents on the server, create directories and upload files in permissible locations, and modify filenames and delete files that are accessible by the user running the web server instance. | |||||
| CVE-2020-8600 | 1 Trendmicro | 1 Worry-free Business Security | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication. | |||||
| CVE-2018-18894 | 1 Lexmark | 98 6500e, 6500e Firmware, C748 and 95 more | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. | |||||
| CVE-2019-12182 | 1 Safescan | 14 Ta-8010, Ta-8010 Firmware, Ta-8015 and 11 more | 2020-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API. | |||||
| CVE-2018-18576 | 1 Incsub | 1 Hustle | 2020-03-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Hustle (aka wordpress-popup) plugin through 6.0.5 for WordPress allows Directory Traversal to obtain a directory listing via the views/admin/dashboard/ URI. | |||||
| CVE-2020-10564 | 1 Iptanus | 1 Wordpress File Upload | 2020-03-19 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal can lead to remote code execution by uploading a crafted txt file into the lib directory, because of a wfu_include_lib call. | |||||
