Total
7027 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20277 | 1 Troglobit | 1 Uftpd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution. | |||||
| CVE-2020-20012 | 1 Sudytech | 1 Webplus Pro | 2024-11-21 | N/A | 9.8 CRITICAL |
| WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. | |||||
| CVE-2020-1904 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages. | |||||
| CVE-2020-1853 | 1 Huawei | 1 Gaussdb 200 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. Due to insufficient input path validation, an authenticated attacker can traverse directories and download files to a specific directory. Successful exploit may cause information leakage. | |||||
| CVE-2020-1737 | 1 Redhat | 2 Ansible Engine, Ansible Tower | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
| A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9.6 and prior when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal. This issue is fixed in 2.10. | |||||
| CVE-2020-1735 | 3 Debian, Fedoraproject, Redhat | 6 Debian Linux, Fedora, Ansible and 3 more | 2024-11-21 | 3.6 LOW | 4.2 MEDIUM |
| A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. | |||||
| CVE-2020-1699 | 2 Linuxfoundation, Redhat | 2 Ceph, Ceph Storage | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard. | |||||
| CVE-2020-1606 | 1 Juniper | 24 Junos, Qfx5110, Qfx5200 and 21 more | 2024-11-21 | 6.5 MEDIUM | 5.4 MEDIUM |
| A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2. | |||||
| CVE-2020-1082 | 1 Microsoft | 4 Windows 10, Windows Server, Windows Server 2016 and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1088. | |||||
| CVE-2020-19902 | 1 Wcms | 1 Wcms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. | |||||
| CVE-2020-19877 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information. | |||||
| CVE-2020-19858 | 1 Plutinosoft | 1 Platinum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy. | |||||
| CVE-2020-19547 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php. | |||||
| CVE-2020-19360 | 1 Fhem | 1 Fhem | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure. | |||||
| CVE-2020-19305 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges. | |||||
| CVE-2020-19304 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information. | |||||
| CVE-2020-19154 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'. | |||||
| CVE-2020-19150 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'. | |||||
| CVE-2020-19147 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'. | |||||
| CVE-2020-19146 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'. | |||||