Total
7186 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12392 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | |||||
| CVE-2020-12315 | 1 Intel | 1 Endpoint Management Assistant | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2020-12265 | 1 Decompress Project | 1 Decompress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal. | |||||
| CVE-2020-12251 | 1 Gigamon | 1 Gigavue | 2024-11-21 | 3.5 LOW | 2.2 LOW |
| An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload functionality allows an authenticated user to change the filename value (in the POST method) from the original filename to achieve directory traversal via a ../ sequence and, for example, obtain a complete directory listing of the machine. | |||||
| CVE-2020-12147 | 1 Silver-peak | 1 Unity Orchestrator | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
| In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can make unauthorized MySQL queries against the Orchestrator database using the /sqlExecution REST API, which had been used for internal testing. | |||||
| CVE-2020-12146 | 1 Silver-peak | 1 Unity Orchestrator | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
| In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API. | |||||
| CVE-2020-12128 | 1 File Transfer Ifamily Project | 1 File Transfer Ifamily | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. | |||||
| CVE-2020-12116 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. | |||||
| CVE-2020-12112 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion. | |||||
| CVE-2020-12103 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored. | |||||
| CVE-2020-12102 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-11-21 | 6.8 MEDIUM | 7.7 HIGH |
| In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application scope). | |||||
| CVE-2020-12026 | 1 Advantech | 1 Webaccess | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | |||||
| CVE-2020-12010 | 1 Advantech | 1 Webaccess | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. | |||||
| CVE-2020-12006 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | |||||
| CVE-2020-12003 | 1 Rockwellautomation | 2 Factorytalk Linx, Rslinx Classic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive. | |||||
| CVE-2020-11819 | 1 Rukovoditel | 1 Rukovoditel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. | |||||
| CVE-2020-11798 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories. | |||||
| CVE-2020-11736 | 3 Canonical, Debian, Gnome | 3 Ubuntu Linux, Debian Linux, File-roller | 2024-11-21 | 3.3 LOW | 3.9 LOW |
| fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | |||||
| CVE-2020-11705 | 1 Provideserver | 1 Provide Ftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ProVide (formerly zFTPServer) through 13.1. /ajax/ImportCertificate allows an attacker to load an arbitrary certificate in .pfx format or overwrite arbitrary files via the fileName parameter. | |||||
| CVE-2020-11700 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page. | |||||