Total
7028 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7651 | 1 Synk | 1 Broker | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API. | |||||
| CVE-2020-7650 | 1 Synk | 1 Broker | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json. | |||||
| CVE-2020-7649 | 1 Snyk | 1 Broker | 2024-11-21 | N/A | 4.9 MEDIUM |
| This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. | |||||
| CVE-2020-7648 | 1 Synk | 1 Broker | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json` | |||||
| CVE-2020-7647 | 1 Jooby | 1 Jooby | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. | |||||
| CVE-2020-7535 | 1 Schneider-electric | 42 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 39 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP. | |||||
| CVE-2020-7529 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Transversal') vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place content in any unprotected folder on the target system using a crafted .RCZ file. | |||||
| CVE-2020-7522 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. | |||||
| CVE-2020-7521 | 1 Schneider-electric | 1 Apc Easy Ups Online Software | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `FileUploadServlet` which may lead to uploading executable files to non-specified directories. | |||||
| CVE-2020-7497 | 1 Schneider-electric | 1 Ecostruxure Operator Terminal Expert | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts. | |||||
| CVE-2020-7495 | 1 Schneider-electric | 1 Ecostruxure Operator Terminal Expert | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file. | |||||
| CVE-2020-7494 | 1 Schneider-electric | 1 Ecostruxure Operator Terminal Expert | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. | |||||
| CVE-2020-7478 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read arbitrary files from the IGSS server PC on an unrestricted or shared network when the IGSS Update Service is enabled. | |||||
| CVE-2020-7473 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk. | |||||
| CVE-2020-7377 | 1 Rapid7 | 1 Metasploit | 2024-11-21 | 5.0 MEDIUM | 8.1 HIGH |
| The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server. | |||||
| CVE-2020-7376 | 1 Rapid7 | 1 Metasploit | 2024-11-21 | 10.0 HIGH | 7.1 HIGH |
| The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host. | |||||
| CVE-2020-7268 | 1 Mcafee | 1 Email Gateway | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. | |||||
| CVE-2020-7246 | 1 Qdpm | 1 Qdpm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884. | |||||
| CVE-2020-7211 | 3 Libslirp Project, Microsoft, Qemu | 3 Libslirp, Windows, Qemu | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows. | |||||
| CVE-2020-7008 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources. | |||||