Total
6658 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4209 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2020-05-08 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to create arbitrary files on the system. IBM X-Force ID: 175019. | |||||
| CVE-2020-12649 | 1 Gurbalib Project | 1 Gurbalib | 2020-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. | |||||
| CVE-2018-19328 | 1 Laobancms | 1 Laobancms | 2020-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| LAOBANCMS 2.0 allows install/mysql_hy.php?riqi=../ Directory Traversal. | |||||
| CVE-2020-12443 | 1 Bigbluebutton | 1 Bigbluebutton | 2020-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is case-insensitive. | |||||
| CVE-2018-11235 | 5 Canonical, Debian, Git-scm and 2 more | 9 Ubuntu Linux, Debian Linux, Git and 6 more | 2020-05-02 | 6.8 MEDIUM | 7.8 HIGH |
| In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | |||||
| CVE-2020-12479 | 1 Teampass | 1 Teampass | 2020-05-01 | 6.5 MEDIUM | 8.8 HIGH |
| TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | |||||
| CVE-2020-12128 | 1 File Transfer Ifamily Project | 1 File Transfer Ifamily | 2020-04-30 | 5.0 MEDIUM | 7.5 HIGH |
| DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. | |||||
| CVE-2020-10506 | 1 The School Manage System Project | 1 The School Manage System | 2020-04-30 | 5.0 MEDIUM | 7.5 HIGH |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files. | |||||
| CVE-2016-1000112 | 1 Contussupport | 1 Contus-video-comments | 2020-04-29 | 9.4 HIGH | 9.1 CRITICAL |
| Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin | |||||
| CVE-2020-3177 | 1 Cisco | 2 Unified Communications Manager, Unified Contact Center Express | 2020-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system. | |||||
| CVE-2017-2245 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2020-04-23 | 4.0 MEDIUM | 5.0 MEDIUM |
| Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2017-18824 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-23 | 2.1 LOW | 3.3 LOW |
| Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
| CVE-2020-3252 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2020-04-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3249 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2020-04-23 | 7.8 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3251 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2020-04-23 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3248 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2020-04-23 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3239 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2020-04-21 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3247 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2020-04-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-6225 | 1 Sap | 2 Netweaver Knowledge Management And Collaboration \(kmc-cm\), Netweaver Knowledge Management And Collaboration \(kmc-wpc\) | 2020-04-15 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal. | |||||
| CVE-2018-7300 | 1 Eq-3 | 2 Homematic Ccu2, Homematic Ccu2 Firmware | 2020-04-14 | 10.0 HIGH | 9.8 CRITICAL |
| Directory Traversal / Arbitrary File Write / Remote Code Execution in the User.setLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to write arbitrary files to the device's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface. | |||||