Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0231 | 1 Juniper | 15 Junos, Srx1500, Srx300 and 12 more | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in the Juniper Networks SRX and vSRX Series may allow an authenticated J-web user to read sensitive system files. This issue affects Juniper Networks Junos OS on SRX and vSRX Series: 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S3, 20.2R2; This issue does not affect Juniper Networks Junos OS versions prior to 19.3R1. | |||||
| CVE-2021-0097 | 1 Intel | 2 Efi Bios 7215, Server Board M10jnp2sb | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access. | |||||
| CVE-2020-9920 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A malicious mail server may overwrite arbitrary mail files. | |||||
| CVE-2020-9782 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files. | |||||
| CVE-2020-9708 | 1 Adobe | 1 Git-server | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces the location of the repository. | |||||
| CVE-2020-9689 | 1 Magento | 1 Magento | 2024-11-21 | 8.5 HIGH | 6.5 MEDIUM |
| Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9663 | 1 Adobe | 1 Adobe Reader | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Adobe Reader Mobile versions 20.0.1 and earlier have a directory traversal vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2020-9479 | 1 Apache | 1 Asterixdb | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa5e8888b8e1b0620521a1c9680e54df73 and 28c0ee84f1387ab5d0659e9e822f4e3923ddc22d. Note: this CVE may be REJECTed as the issue did not affect any released versions of Apache AsterixDB | |||||
| CVE-2020-9368 | 1 Oleacorner | 1 Olea Gift On Order | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal. | |||||
| CVE-2020-9364 | 1 Creative-solutions | 1 Creative Contact Form | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email. | |||||
| CVE-2020-9354 | 1 Smartclient | 1 Smartclient | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. path traversal. | |||||
| CVE-2020-9353 | 1 Smartclient | 1 Smartclient | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML element in the _transaction parameter. NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server." | |||||
| CVE-2020-9325 | 1 Aquaforest | 1 Tiff Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download. | |||||
| CVE-2020-9323 | 1 Aquaforest | 1 Tiff Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx. | |||||
| CVE-2020-9252 | 1 Huawei | 8 Magic2, Magic2 Firmware, Mate 20 and 5 more | 2024-11-21 | 2.1 LOW | 2.3 LOW |
| HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. The system does not sufficiently validate certain pathname from certain process, successful exploit could allow the attacker write files to a crafted path. | |||||
| CVE-2020-9106 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure. | |||||
| CVE-2020-9050 | 1 Johnsoncontrols | 1 Metasys Reporting Engine | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) Web Services which could allow a remote unauthenticated attacker to access and download arbitrary files from the system. | |||||
| CVE-2020-9033 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php. | |||||
| CVE-2020-9032 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php. | |||||
| CVE-2020-9031 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php. | |||||