Total
8266 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40724 | 2 Adobe, Google | 2 Acrobat Reader, Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Acrobat Reader for Android versions 21.8.0 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2021-40680 | 1 Articatech | 1 Web Proxy | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi.
|
|||||
| CVE-2021-40668 | 1 Http File Server Project | 1 Http File Server | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write.
|
|||||
| CVE-2021-40651 | 1 Os4ed | 1 Opensis | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (modname parameter), which can disclose arbitrary file from the server's filesystem as long as the application has access to the file.
|
|||||
| CVE-2021-40525 | 1 Apache | 1 James | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.
|
|||||
| CVE-2021-40371 | 1 Gridprosoftware | 1 Request Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap.
|
|||||
| CVE-2021-40359 | 1 Siemens | 5 Simatic Batch, Simatic Net Pc, Simatic Route Control and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.7 HIGH |
|
A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Update 6), SIMATIC NET PC Software V17 (All versions < V17 SP1), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V ...
Show More |
|||||
| CVE-2021-40358 | 1 Siemens | 2 Simatic Pcs 7, Simatic Wincc | 2024-11-21 | 7.5 HIGH | 9.9 CRITICAL |
|
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). Legitimate file operations on the web server of the aff ...
Show More |
|||||
| CVE-2021-40357 | 1 Siemens | 1 Teamcenter Active Workspace | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All versions < V5.1.5), Teamcenter Active Workspace V5.2 (All versions < V5.2.1). A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host.
|
|||||
| CVE-2021-40349 | 1 Speed Test Project | 1 Speed Test | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disclosure via the "GET /.." substring.
|
|||||
| CVE-2021-40285 | 1 Htmly | 1 Htmly | 2024-11-21 | N/A | 8.1 HIGH |
|
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.
|
|||||
| CVE-2021-40153 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
|
|||||
| CVE-2021-40103 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Reading and SSRF.
|
|||||
| CVE-2021-40098 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external form by adding a regular expression.
|
|||||
| CVE-2021-40097 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter.
|
|||||
| CVE-2021-40003 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2021-40001 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable.
|
|||||
| CVE-2021-3960 | 1 Bitdefender | 1 Gravityzone | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272
|
|||||
| CVE-2021-3924 | 1 Getgrav | 1 Grav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|||||
| CVE-2021-3916 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|||||
| CVE-2021-3907 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 7.5 HIGH | 7.4 HIGH |
|
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on.
|
|||||
| CVE-2021-3874 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|||||
| CVE-2021-3856 | 1 Redhat | 1 Keycloak | 2024-11-21 | N/A | 4.3 MEDIUM |
|
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.
|
|||||
| CVE-2021-3823 | 1 Bitdefender | 1 Gravityzone | 2024-11-21 | 7.5 HIGH | 7.1 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249.
|
|||||
| CVE-2021-3806 | 1 Tubitak | 1 Pardus Software Center | 2024-11-21 | 7.1 HIGH | 5.3 MEDIUM |
|
A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system.
|
|||||
| CVE-2021-3762 | 1 Redhat | 2 Clair, Quay | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.
|
|||||
| CVE-2021-3710 | 1 Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 4.7 MEDIUM | 6.5 MEDIUM |
|
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
|
|||||
| CVE-2021-3709 | 1 Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
|
|||||
| CVE-2021-3688 | 1 Redhat | 1 Jboss Core Services Httpd | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
|
|||||
| CVE-2021-3374 | 1 Rstudio | 1 Shiny Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.
|
|||||
| CVE-2021-3341 | 1 Dh2i | 2 Dxenterprise, Dxodyssey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request.
|
|||||
| CVE-2021-3281 | 3 Djangoproject, Fedoraproject, Netapp | 3 Django, Fedora, Snapcenter | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
|
|||||
| CVE-2021-3223 | 1 Nodered | 1 Node-red-dashboard | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
|
|||||
| CVE-2021-3199 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.
|
|||||
| CVE-2021-3178 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior
|
|||||
| CVE-2021-3152 | 1 Home-assistant | 1 Home-assistant | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation
|
|||||
| CVE-2021-3139 | 1 Tcmu-runner Project | 1 Tcmu-runner | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. NOTE: relative to CVE-2020-28374, this is a similar mistake in a different algorithm.
|
|||||
| CVE-2021-3019 | 1 Lanproxy Project | 1 Lanproxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.
|
|||||
| CVE-2021-39970 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission.
|
|||||
| CVE-2021-39500 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitizaton in param tpldir, filename, type, nid an attacker can inject "../" to escape and write file to writeable directories.
|
|||||