Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36566 | 1 Tar-utils Project | 1 Tar-utils | 2024-11-21 | 9.1 Critical |
| Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | ||||
| CVE-2020-36565 | 2 Labstack, Microsoft | 2 Echo, Windows | 2024-11-21 | 5.3 Medium |
| Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | ||||
| CVE-2020-36561 | 1 Unzip Project | 1 Unzip | 2024-11-21 | 9.1 Critical |
| Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | ||||
| CVE-2020-36560 | 1 Go-unzip Project | 1 Go-unzip | 2024-11-21 | 9.1 Critical |
| Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | ||||
| CVE-2020-36559 | 1 Aahframework | 1 Aah | 2024-11-21 | 7.5 High |
| Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | ||||
| CVE-2020-36488 | 1 Sky File Project | 1 Sky File | 2024-11-21 | 6.5 Medium |
| An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. | ||||
| CVE-2020-36364 | 1 Smartstore | 1 Smartstorenet | 2024-11-21 | 9.1 Critical |
| An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field. | ||||
| CVE-2020-36321 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 5.9 Medium |
| Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows attacker to request arbitrary files stored outside of intended frontend resources folder. | ||||
| CVE-2020-36314 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, File-roller, Enterprise Linux | 2024-11-21 | 3.9 Low |
| fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736. | ||||
| CVE-2020-36241 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Gnome-autoar, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location. | ||||
| CVE-2020-36197 | 1 Qnap | 4 Music Station, Qts, Quts Hero and 1 more | 2024-11-21 | 7.1 High |
| An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.3.16 on QTS 4.5.2; versions prior to 5.2.10 on QTS 4.3.6; versions prior to 5.1.14 on QTS 4.3.3; versions prior to 5.3.16 on QuTS hero h4.5.2; versions prior to 5.3.16 on QuTScloud c4.5.4. | ||||
| CVE-2020-36142 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 6.5 Medium |
| BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter. | ||||
| CVE-2020-36052 | 1 1234n | 1 Minicms | 2024-11-21 | 9.8 Critical |
| Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 allows remote attackers to include and execute arbitrary files via the state parameter. | ||||
| CVE-2020-36051 | 1 1234n | 1 Minicms | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 allows remote attackers to read arbitrary files via the state parameter. | ||||
| CVE-2020-35883 | 1 Mozwire Project | 1 Mozwire | 2024-11-21 | 9.1 Critical |
| An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename. | ||||
| CVE-2020-35762 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 2.7 Low |
| bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files. | ||||
| CVE-2020-35749 | 1 Presstigers | 1 Simple Board Job | 2024-11-21 | 7.7 High |
| Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. | ||||
| CVE-2020-35736 | 1 Liftoffsoftware | 1 Gateone | 2024-11-21 | 7.5 High |
| GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. | ||||
| CVE-2020-35709 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 4.9 Medium |
| bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. | ||||
| CVE-2020-35612 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. | ||||