Total: 7108 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-8159 | 2 Debian, Rubyonrails | 2 Debian Linux, Actionpack Page-caching | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | There is a vulnerability in the actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. |
CVE-2020-8144 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-11-21 | 5.2 MEDIUM | 8.4 HIGH | The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware update information. If the version field contains `..\` character sequences, the destination file path used to save the firmware can be manipulated to be outside the intended destination directory tree. Fixed in UniFi Video Controller v3.10.3 and newer. |
CVE-2020-8131 | 1 Yarnpkg | 1 Yarn | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH | Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially leads to arbitrary code execution by forcing the user to install a malicious package. |
CVE-2020-8009 | 1 Motu | 21 112d, 1248, 16a and 18 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | AVB MOTU devices through 2020-01-22 allow `/..` directory traversal, as demonstrated by reading the /etc/passwd file. |
CVE-2020-7966 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | GitLab EE 11.11 and later through 12.7.2 allows directory traversal. |
CVE-2020-7882 | 2 Hancom, Microsoft | 2 Anysign4pc, Windows | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH | Using the parameter of the getPFXFolderList function, attackers can see the authorization certification information and delete the files. It occurs because the parameter contains path traversal characters (i.e. `../../../`). |
CVE-2020-7861 | 2 Anysupport, Microsoft | 2 Anysupport, Windows | 2024-11-21 | 7.5 HIGH | 8.4 HIGH | AnySupport (remote support solution) before 2019.3.21.0 allows directory traversal because of the swprintf function used to copy a file from a management PC to a client PC. This can lead to arbitrary file execution. |
CVE-2020-7858 | 2 Cdnetworks, Microsoft | 2 Aquanplayer, Windows | 2024-11-21 | 5.0 MEDIUM | 6.8 MEDIUM | There is a directory traversal vulnerability in the download page URL of AquaNPlayer 2.0.0.92. The IP of the download page URL is localhost, and an attacker can traverse directories using "dot dot" sequences (`../../`) to view host files on the system. This vulnerability can cause information leakage. |
CVE-2020-7790 | 1 Spatie | 1 Browsershot | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | This affects the package spatie/browsershot from 0.0.0. By specifying a URL using the file:// protocol, an attacker is able to include arbitrary files in the resultant PDF. |
CVE-2020-7763 | 1 Jsreport | 1 Phantom-html-to-pdf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects the package phantom-html-to-pdf before 0.6.1. |
CVE-2020-7762 | 1 Jsreport | 1 Jsreport-chrome-pdf | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | This affects the package jsreport-chrome-pdf before 1.10.0. |
CVE-2020-7758 | 1 Browserless | 1 Chrome | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint is used to create a file path (filePath), which is then fetched and sent back to the user. This can be escaped to fetch arbitrary files from the server. |
CVE-2020-7757 | 1 Droppy Project | 1 Droppy | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droppy server. |
CVE-2020-7687 | 1 Fast-http Project | 1 Fast-http | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package fast-http. There is no path sanitization of the path provided to fs.readFile in index.js. |
CVE-2020-7686 | 1 Rollup-plugin-dev-server Project | 1 Rollup-plugin-dev-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in the readFile operation inside the readFileFromContentBase function. |
CVE-2020-7684 | 1 Rollup-plugin-serve Project | 1 Rollup-plugin-serve | 2024-11-21 | 7.5 HIGH | 7.5 HIGH | This affects all versions of package rollup-plugin-serve. There is no path sanitization in the readFile operation. |
CVE-2020-7683 | 1 Rollup-plugin-server Project | 1 Rollup-plugin-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package rollup-plugin-server. There is no path sanitization in the readFile operation performed inside the readFileFromContentBase function. |
CVE-2020-7682 | 1 Marked-tree Project | 1 Marked-tree | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package marked-tree. There is no path sanitization of the path provided to fs.readFile in index.js. |
CVE-2020-7681 | 1 Indo-mars | 1 Marscode | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package marscode. There is no path sanitization of the path provided to fs.readFile in index.js. |
CVE-2020-7669 | 1 U-root | 1 U-root | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction. |