Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24406 | 1 Magento | 1 Magento | 2020-11-12 | 4.3 MEDIUM | 3.7 LOW |
| When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment. | |||||
| CVE-2020-12147 | 1 Silver-peak | 1 Unity Orchestrator | 2020-11-12 | 6.5 MEDIUM | 8.8 HIGH |
| In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing. | |||||
| CVE-2020-12146 | 1 Silver-peak | 1 Unity Orchestrator | 2020-11-12 | 6.5 MEDIUM | 8.8 HIGH |
| In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API. | |||||
| CVE-2015-9538 | 1 Imagely | 1 Nextgen Gallery | 2020-11-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. | |||||
| CVE-2020-7757 | 1 Droppy Project | 1 Droppy | 2020-11-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server. | |||||
| CVE-2019-9686 | 1 Pacman Project | 1 Pacman | 2020-11-09 | 9.3 HIGH | 8.8 HIGH |
| pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c. | |||||
| CVE-2020-14352 | 3 Fedoraproject, Opensuse, Redhat | 4 Fedora, Backports Sle, Leap and 1 more | 2020-11-09 | 8.5 HIGH | 8.0 HIGH |
| A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. | |||||
| CVE-2020-9368 | 1 Oleacorner | 1 Olea Gift On Order | 2020-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal. | |||||
| CVE-2020-9782 | 1 Apple | 1 Mac Os X | 2020-11-03 | 6.4 MEDIUM | 7.5 HIGH |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files. | |||||
| CVE-2020-8254 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2020-11-03 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC. | |||||
| CVE-2020-27993 | 1 Hrsale | 1 Hrsale | 2020-11-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. | |||||
| CVE-2020-4782 | 1 Ibm | 1 Websphere Application Server | 2020-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2020-3550 | 1 Cisco | 2 Firepower Management Center, Firepower Threat Defense | 2020-10-30 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device. | |||||
| CVE-2020-3597 | 1 Cisco | 1 Nexus Data Broker | 2020-10-29 | 5.8 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of configuration backup files. An attacker could exploit this vulnerability by persuading an administrator to restore a crafted configuration backup file. A successful exploit could allow the attacker to overwrite arbitrary files that are accessible through the affected software on an affected device. | |||||
| CVE-2019-20851 | 1 Mattermost | 1 Mattermost | 2020-10-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device. | |||||
| CVE-2020-15239 | 1 Xmpp-http-upload Project | 1 Xmpp-http-upload | 2020-10-22 | 4.0 MEDIUM | 3.5 LOW |
| In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of authentication or other limitations on the outbound (GET) traffic. For example, in a scenario where a single server has multiple instances of the application running (with separate DATA_ROOT settings), an attacker who has knowledge about the directory structure is able to read files from any other instance to which the process has read access. If instances have individual authentication (for example, HTTP authentication via a reverse proxy, source IP based filtering) or other restrictions (such as quotas), attackers may circumvent those limits in such a scenario by using the Directory Traversal to retrieve data from the other instances. If the associated XMPP server (or anyone knowing the SECRET_KEY) is malicious, they can write files outside the DATA_ROOT. The files which are written are constrained to have the `.meta` and the `.data` suffixes; the `.meta` file will contain the JSON with the Content-Type of the original request and the `.data` file will contain the payload. The issue is patched in version 0.4.0. | |||||
| CVE-2020-15012 | 1 Sonatype | 1 Nexus Repository Manager | 2020-10-21 | 7.8 HIGH | 8.6 HIGH |
| A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to). | |||||
| CVE-2020-4776 | 1 Ibm | 1 Curam Social Program Management | 2020-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted file path in URL request to view arbitrary files on the system. IBM X-Force ID: 189154. | |||||
| CVE-2019-7618 | 1 Elastic | 1 Kibana | 2020-10-16 | 3.5 LOW | 6.5 MEDIUM |
| A local file disclosure flaw was found in Elastic Code versions 7.3.0, 7.3.1, and 7.3.2. If a malicious code repository is imported into Code it is possible to read arbitrary files from the local filesystem of the Kibana instance running Code with the permission of the Kibana system user. | |||||
| CVE-2019-10168 | 1 Redhat | 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 6 more | 2020-10-15 | 4.6 MEDIUM | 7.8 HIGH |
| The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. | |||||