Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27896 | 1 Apple | 1 Mac Os X | 2020-12-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system. | |||||
| CVE-2020-7535 | 1 Schneider-electric | 42 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 39 more | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. | |||||
| CVE-2020-7790 | 1 Spatie | 1 Browsershot | 2020-12-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF. | |||||
| CVE-2020-10977 | 1 Gitlab | 1 Gitlab | 2020-12-11 | 2.1 LOW | 5.5 MEDIUM |
| GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects. | |||||
| CVE-2020-13886 | 1 Intelbras | 6 Tip200, Tip200 Firmware, Tip200lite and 3 more | 2020-12-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal. | |||||
| CVE-2020-5752 | 1 Druva | 1 Insync Client | 2020-12-08 | 7.2 HIGH | 7.8 HIGH |
| Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. | |||||
| CVE-2004-1991 | 1 Aldostools | 1 Aldo\'s Web Server | 2020-12-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. | |||||
| CVE-2020-4000 | 1 Vmware | 1 Sd-wan Orchestrator | 2020-12-07 | 6.5 MEDIUM | 8.8 HIGH |
| The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal. An authenticated SD-WAN Orchestrator user is able to traversal directories which may lead to code execution of files. | |||||
| CVE-2018-1048 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2020-12-04 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files. | |||||
| CVE-2020-28348 | 1 Hashicorp | 1 Nomad | 2020-12-04 | 6.3 MEDIUM | 6.5 MEDIUM |
| HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8. | |||||
| CVE-2020-29373 | 1 Linux | 1 Linux Kernel | 2020-12-02 | 2.1 LOW | 6.5 MEDIUM |
| An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. | |||||
| CVE-2020-28574 | 1 Trendmicro | 1 Worry-free Business Security | 2020-12-02 | 6.4 MEDIUM | 7.5 HIGH |
| A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console. | |||||
| CVE-2020-28993 | 1 Atx | 2 Minicmts200a, Minicmts200a Firmware | 2020-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request. | |||||
| CVE-2020-13355 | 1 Gitlab | 1 Gitlab | 2020-12-01 | 5.5 MEDIUM | 8.1 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-27553 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2020-12-01 | 5.0 MEDIUM | 7.5 HIGH |
| In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are needed to exploit this vulnerability. | |||||
| CVE-2020-15928 | 1 Ortussolutions | 1 Testbox | 2020-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal. | |||||
| CVE-2020-26405 | 1 Gitlab | 1 Gitlab | 2020-12-01 | 5.5 MEDIUM | 7.1 HIGH |
| Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2015-1493 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts. | |||||
| CVE-2013-4524 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path. | |||||
| CVE-2020-8271 | 1 Citrix | 1 Sd-wan | 2020-11-30 | 10.0 HIGH | 9.8 CRITICAL |
| Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | |||||
| CVE-2019-19877 | 1 Br-automation | 1 Industrial Automation Aprol | 2020-11-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357. | |||||
| CVE-2017-15681 | 1 Craftercms | 1 Crafter Cms | 2020-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE. | |||||
| CVE-2017-15684 | 1 Craftercms | 1 Crafter Cms | 2020-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system. | |||||
| CVE-2020-26078 | 1 Cisco | 1 Iot Field Network Director | 2020-11-25 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. | |||||
| CVE-2017-9511 | 2 Atlassian, Microsoft | 3 Crucible, Fisheye, Windows | 2020-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | |||||
| CVE-2020-3588 | 1 Cisco | 1 Webex Meetings | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop environment and using virtual environment optimization. This vulnerability is due to improper validation of messages processed by the Cisco Webex Meetings Desktop App. A local attacker with limited privileges could exploit this vulnerability by sending malicious messages to the affected software by using the virtualization channel interface. A successful exploit could allow the attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user. Note: This vulnerability can be exploited only when Cisco Webex Meetings Desktop App is in a virtual desktop environment on a hosted virtual desktop (HVD) and is configured to use the Cisco Webex Meetings virtual desktop plug-in for thin clients. | |||||
| CVE-2020-25074 | 2 Debian, Moinmo | 2 Debian Linux, Moinmoin | 2020-11-24 | 7.5 HIGH | 9.8 CRITICAL |
| The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. | |||||
| CVE-2020-12315 | 1 Intel | 1 Endpoint Management Assistant | 2020-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2020-27128 | 1 Cisco | 1 Sd-wan | 2020-11-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to write arbitrary files to an affected system. The vulnerability is due to improper validation of requests to APIs. An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and write files to an arbitrary location on the targeted system. | |||||
| CVE-2020-7758 | 1 Browserless | 1 Chrome | 2020-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server. | |||||
| CVE-2020-24990 | 1 Qsc | 1 Q-sys Core Manager | 2020-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version. | |||||
| CVE-2020-14366 | 1 Redhat | 1 Keycloak | 2020-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw | |||||
| CVE-2020-15703 | 1 Aptdaemon Project | 1 Aptdaemon | 2020-11-17 | 2.1 LOW | 3.3 LOW |
| There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root. | |||||
| CVE-2007-4723 | 2 Apache, Ragnarok Online Control Panel Project | 2 Http Server, Ragnarok Online Control Panel | 2020-11-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page. | |||||
| CVE-2009-4427 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2020-11-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. | |||||
| CVE-2005-2792 | 1 Phpldapadmin Project | 1 Phpldapadmin | 2020-11-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter. | |||||
| CVE-2020-25780 | 1 Commvault | 1 Commcell | 2020-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder. | |||||
| CVE-2020-25068 | 1 Setelsa-security | 1 Conacwin | 2020-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability allows a remote unauthenticated attacker to read internal files on the server via an http:IP:PORT/../../path/file_to_disclose Directory Traversal URI. NOTE: The manufacturer indicated that the affected version does not exist. Furthermore, they indicated that they detected this problem in an internal audit more than 3 years ago and fixed it in 2017. | |||||
| CVE-2020-24406 | 1 Magento | 1 Magento | 2020-11-12 | 4.3 MEDIUM | 3.7 LOW |
| When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier) are affected by an information disclosure vulnerability that could expose the installation path during build deployments. This information could be helpful to attackers if they are able to identify other exploitable vulnerabilities in the environment. | |||||
| CVE-2020-12147 | 1 Silver-peak | 1 Unity Orchestrator | 2020-11-12 | 6.5 MEDIUM | 8.8 HIGH |
| In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing. | |||||
| CVE-2020-12146 | 1 Silver-peak | 1 Unity Orchestrator | 2020-11-12 | 6.5 MEDIUM | 8.8 HIGH |
| In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API. | |||||
| CVE-2015-9538 | 1 Imagely | 1 Nextgen Gallery | 2020-11-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. | |||||
| CVE-2020-7757 | 1 Droppy Project | 1 Droppy | 2020-11-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server. | |||||
| CVE-2019-9686 | 1 Pacman Project | 1 Pacman | 2020-11-09 | 9.3 HIGH | 8.8 HIGH |
| pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c. | |||||
| CVE-2020-14352 | 3 Fedoraproject, Opensuse, Redhat | 4 Fedora, Backports Sle, Leap and 1 more | 2020-11-09 | 8.5 HIGH | 8.0 HIGH |
| A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. | |||||
| CVE-2020-9368 | 1 Oleacorner | 1 Olea Gift On Order | 2020-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal. | |||||
| CVE-2020-9782 | 1 Apple | 1 Mac Os X | 2020-11-04 | 6.4 MEDIUM | 7.5 HIGH |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files. | |||||
| CVE-2020-8254 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2020-11-03 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC. | |||||
| CVE-2020-27993 | 1 Hrsale | 1 Hrsale | 2020-11-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. | |||||
| CVE-2020-15229 | 1 Sylabs | 1 Singularity | 2020-11-02 | 5.8 MEDIUM | 9.3 CRITICAL |
| Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a local SIF image or a single file containing a squashfs filesystem and is coming from remote sources `library://` or `shub://`. Image build is also impacted in a more serious way as it can be used by a root user, allowing an attacker to overwrite/create files leading to a system compromise, so far bootstrap methods `library`, `shub` and `localimage` are triggering the squashfs extraction. This issue is addressed in Singularity 3.6.4. All users are advised to upgrade to 3.6.4 especially if they use Singularity mainly for building image as root user. There is no solid workaround except to temporary avoid to use unprivileged mode with single file images in favor of sandbox images instead. Regarding image build, temporary avoid to build from `library` and `shub` sources and as much as possible use `--fakeroot` or a VM for that. | |||||