Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29494 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2021-01-21 | 5.5 MEDIUM | 8.7 HIGH |
| Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A remote user could potentially exploit this vulnerability, to gain unauthorized write access to the arbitrary files stored on the server filesystem, causing deletion of arbitrary files. | |||||
| CVE-2021-21251 | 1 Onedev Project | 1 Onedev | 2021-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| OneDev is an all-in-one devops platform. In OneDev before version 4.0.3 there is a critical "zip slip" vulnerability. This issue may lead to arbitrary file write. The KubernetesResource REST endpoint untars user controlled data from the request body using TarUtils. TarUtils is a custom library method leveraging Apache Commons Compress. During the untar process, there are no checks in place to prevent an untarred file from traversing the file system and overriding an existing file. For a successful exploitation, the attacker requires a valid __JobToken__ which may not be possible to get without using any of the other reported vulnerabilities. But this should be considered a vulnerability in `io.onedev.commons.utils.TarUtils` since it lives in a different artifact and can affect other projects using it. This issue was addressed in 4.0.3 by validating paths in tar archive to only allow them to be in specified folder when extracted. | |||||
| CVE-2020-27637 | 1 R-project | 1 Cran | 2021-01-20 | 10.0 HIGH | 9.8 CRITICAL |
| The R programming languageās default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.packages() function from the interpreter. Update to version 4.0.3 | |||||
| CVE-2020-5804 | 1 Marvell | 1 Qconvergeconslole Gui | 2021-01-13 | 8.5 HIGH | 8.1 HIGH |
| Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root. | |||||
| CVE-2021-23242 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2021-01-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonstrated by the /../../conf/template/uhttpd.json URI. | |||||
| CVE-2021-23241 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2021-01-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLess or login.htm URI (for authentication bypass) to the web server, as demonstrated by the /loginLess/../../etc/passwd URI. | |||||
| CVE-2021-21234 | 1 Spring-boot-actuator-logview Project | 1 Spring-boot-actuator-logview | 2021-01-11 | 4.0 MEDIUM | 7.7 HIGH |
| spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that `filename=../somefile` would not work), the base folder parameter was not sufficiently checked, so that `filename=somefile&base=../` could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy. | |||||
| CVE-2020-13450 | 1 Thecodingmachine | 1 Gotenberg | 2021-01-08 | 7.5 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution. | |||||
| CVE-2020-13449 | 1 Thecodingmachine | 1 Gotenberg | 2021-01-08 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files. | |||||
| CVE-2020-36051 | 1 1234n | 1 Minicms | 2021-01-08 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter. | |||||
| CVE-2020-36052 | 1 1234n | 1 Minicms | 2021-01-08 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter. | |||||
| CVE-2021-3019 | 1 Lanproxy Project | 1 Lanproxy | 2021-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet. | |||||
| CVE-2020-35883 | 1 Mozwire Project | 1 Mozwire | 2021-01-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. | |||||
| CVE-2018-19945 | 1 Qnap | 1 Qts | 2021-01-06 | 8.5 HIGH | 9.1 CRITICAL |
| A vulnerability has been reported to affect earlier QNAP devices running QTS 4.3.4 to 4.3.6. Caused by improper limitations of a pathname to a restricted directory, this vulnerability allows for renaming arbitrary files on the target system, if exploited. QNAP have already fixed this vulnerability in the following versions: QTS 4.3.6.0895 build 20190328 (and later) QTS 4.3.4.0899 build 20190322 (and later) This issue does not affect QTS 4.4.x or QTS 4.5.x. | |||||
| CVE-2020-22550 | 1 Veno File Manager Project | 1 Veno File Manager | 2021-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server. | |||||
| CVE-2020-27534 | 1 Docker | 1 Docker | 2021-01-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | |||||
| CVE-2020-35284 | 1 Flamingoim Project | 1 Flamingoim | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product's source code is available. | |||||
| CVE-2020-35362 | 1 Dext5 | 1 Dext5upload | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). | |||||
| CVE-2020-35612 | 1 Joomla | 1 Joomla\! | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. | |||||
| CVE-2020-35736 | 1 Liftoffsoftware | 1 Gateone | 2020-12-29 | 5.0 MEDIUM | 7.5 HIGH |
| GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. | |||||