Total: 7849 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7882 | 2 Hancom, Microsoft | 2 Anysign4pc, Windows | 2024-11-21 | 7.5 High |
| Using the parameter of the getPFXFolderList function, attackers can see authorization certification information and delete the files. This occurs because the parameter contains path traversal characters (i.e. '../../../'). | ||||
| CVE-2020-7861 | 2 Anysupport, Microsoft | 2 Anysupport, Windows | 2024-11-21 | 8.4 High |
| AnySupport (remote support solution) before 2019.3.21.0 allows directory traversal because of the swprintf function used to copy a file from a management PC to a client PC. This can lead to arbitrary file execution. | ||||
| CVE-2020-7858 | 2 Cdnetworks, Microsoft | 2 Aquanplayer, Windows | 2024-11-21 | 6.8 Medium |
| There is a directory traversal vulnerability in the download page URL of AquaNPlayer 2.0.0.92. The IP of the download page URL is localhost, and an attacker can traverse directories using "dot dot" sequences (../../) to view host files on the system. This vulnerability can cause information leakage. | ||||
| CVE-2020-7790 | 1 Spatie | 1 Browsershot | 2024-11-21 | 5.3 Medium |
| This affects the package spatie/browsershot from 0.0.0. By specifying a URL in the file:// protocol an attacker is able to include arbitrary files in the resultant PDF. | ||||
| CVE-2020-7763 | 1 Jsreport | 1 Phantom-html-to-pdf | 2024-11-21 | 7.5 High |
| This affects the package phantom-html-to-pdf before 0.6.1. | ||||
| CVE-2020-7762 | 1 Jsreport | 1 Jsreport-chrome-pdf | 2024-11-21 | 6.5 Medium |
| This affects the package jsreport-chrome-pdf before 1.10.0. | ||||
| CVE-2020-7758 | 1 Browserless | 1 Chrome | 2024-11-21 | 7.5 High |
| This affects versions of package browserless-chrome before 1.40.2-chrome-stable. User input flowing from the workspace endpoint gets used to create a file path filePath and this is fetched and then sent back to a user. This can be escaped to fetch arbitrary files from a server. | ||||
| CVE-2020-7757 | 1 Droppy Project | 1 Droppy | 2024-11-21 | 6.5 Medium |
| This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droppy server. | ||||
| CVE-2020-7687 | 1 Fast-http Project | 1 Fast-http | 2024-11-21 | 7.5 High |
| This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js. | ||||
| CVE-2020-7686 | 1 Rollup-plugin-dev-server Project | 1 Rollup-plugin-dev-server | 2024-11-21 | 7.5 High |
| This affects all versions of package rollup-plugin-dev-server. There is no path sanitization in the readFile operation inside the readFileFromContentBase function. | ||||
| CVE-2020-7684 | 1 Rollup-plugin-serve Project | 1 Rollup-plugin-serve | 2024-11-21 | 7.5 High |
| This affects all versions of package rollup-plugin-serve. There is no path sanitization in the readFile operation. | ||||
| CVE-2020-7683 | 1 Rollup-plugin-server Project | 1 Rollup-plugin-server | 2024-11-21 | 7.5 High |
| This affects all versions of package rollup-plugin-server. There is no path sanitization in the readFile operation performed inside the readFileFromContentBase function. | ||||
| CVE-2020-7682 | 1 Marked-tree Project | 1 Marked-tree | 2024-11-21 | 7.5 High |
| This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js. | ||||
| CVE-2020-7681 | 1 Indo-mars | 1 Marscode | 2024-11-21 | 7.5 High |
| This affects all versions of package marscode. There is no path sanitization in the path provided at fs.readFile in index.js. | ||||
| CVE-2020-7669 | 1 U-root | 1 U-root | 2024-11-21 | 7.5 High |
| This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction. | ||||
| CVE-2020-7668 | 1 Compression And Archive Extensions Tz Project | 1 Compression And Archive Extensions Tz Project | 2024-11-21 | 7.5 High |
| In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. | ||||
| CVE-2020-7667 | 1 Sas | 1 Go Rpm Utils | 2024-11-21 | 7.5 High |
| In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading "..", which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions, which were re-released. | ||||
| CVE-2020-7666 | 1 U-root | 1 U-root | 2024-11-21 | 7.5 High |
| This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading and non-leading relative path traversal attacks and symlink-based (relative and absolute) path traversal attacks in cpio file extraction. | ||||
| CVE-2020-7665 | 1 U-root | 1 U-root | 2024-11-21 | 7.5 High |
| This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction. | ||||
| CVE-2020-7664 | 1 Compression And Archive Extensions Project | 1 Compression And Archive Extensions Zip Project | 2024-11-21 | 7.5 High |
| In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. | ||||