Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14946 | 1 Globalradar | 1 Bsa Radar | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or while using a proxy. This vulnerability could be used to view local sensitive files or configuration files. | |||||
| CVE-2020-14523 | 1 Mitsubishielectric | 27 Cw Configurator, Fr Configurator2, Gx Works2 and 24 more | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
| Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code. | |||||
| CVE-2020-14507 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. | |||||
| CVE-2020-14490 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files. | |||||
| CVE-2020-14461 | 1 Zyxel | 2 Wap6806, Wap6806 Firmware | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI. | |||||
| CVE-2020-14452 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014. | |||||
| CVE-2020-14366 | 1 Redhat | 1 Keycloak | 2024-11-21 | 5.0 MEDIUM | 6.8 MEDIUM |
| A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw | |||||
| CVE-2020-14352 | 3 Fedoraproject, Opensuse, Redhat | 4 Fedora, Backports Sle, Leap and 1 more | 2024-11-21 | 8.5 HIGH | 8.0 HIGH |
| A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories. | |||||
| CVE-2020-14028 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges. | |||||
| CVE-2020-13924 | 1 Apache | 1 Ambari | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | |||||
| CVE-2020-13886 | 1 Intelbras | 6 Tip200, Tip200 Firmware, Tip200lite and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal. | |||||
| CVE-2020-13836 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020). | |||||
| CVE-2020-13818 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed. | |||||
| CVE-2020-13795 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings. | |||||
| CVE-2020-13792 | 1 Playtube | 1 Playtube | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion. | |||||
| CVE-2020-13550 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2020-13450 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability in file upload function of Gotenberg through 6.2.1 allows an attacker to upload and overwrite any writable files outside the intended folder. This can lead to DoS, a change to program behavior, or code execution. | |||||
| CVE-2020-13449 | 1 Thecodingmachine | 1 Gotenberg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in the Markdown engine of Gotenberg through 6.2.1 allows an attacker to read any container files. | |||||
| CVE-2020-13419 | 1 Openiam | 1 Openiam | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. | |||||
| CVE-2020-13383 | 1 Os4ed | 1 Opensis | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| openSIS through 7.4 allows Directory Traversal. | |||||