Total
430 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3995 | 2 Fedoraproject, Kernel | 2 Fedora, Util-linux | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.
|
|||||
| CVE-2021-3856 | 1 Redhat | 1 Keycloak | 2024-11-21 | N/A | 4.3 MEDIUM |
|
ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.
|
|||||
| CVE-2021-3800 | 3 Debian, Gnome, Netapp | 3 Debian Linux, Glib, Active Iq Unified Manager | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
|
|||||
| CVE-2021-3717 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.
|
|||||
| CVE-2021-39316 | 1 Digitalzoomstudio | 1 Zoomsounds | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
|
|||||
| CVE-2021-38711 | 1 Gitit Project | 1 Gitit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.
|
|||||
| CVE-2021-37348 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php.
|
|||||
| CVE-2021-36763 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
|
|||||
| CVE-2021-36233 | 1 Unit4 | 1 Mik.starlight | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path.
|
|||||
| CVE-2021-35203 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
|
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.
|
|||||
| CVE-2021-34765 | 1 Cisco | 1 Nexus Insights | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote attacker to view and download files related to the web application. The attacker requires valid device credentials. This vulnerability exists because proper role-based access control (RBAC) filters are not applied to file download actions. An attacker could exploit this vulnerability by logging in to the application and then navigating to the directory listing and download functions. A successful exploit ...
Show More |
|||||
| CVE-2021-33843 | 1 Fresenius-kabi | 2 Agilia Sp Mc Wifi, Agilia Sp Mc Wifi Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings.
|
|||||
| CVE-2021-33359 | 1 Sensepost | 1 Gowitness | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file.
|
|||||
| CVE-2021-32833 | 1 Emby | 1 Emby.releases | 2024-11-21 | 4.3 MEDIUM | 8.6 HIGH |
|
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are /Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer, /Images/Ratings/theme/name and /Images/MediaInfo/theme/name. For more details including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to ...
Show More |
|||||
| CVE-2021-32752 | 1 Ethercreative | 1 Logs | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
|
Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access.
|
|||||
| CVE-2021-32688 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
|
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any filesystem access. Due to a lacking permission check, the tokens were able to change their own permissions in versions prior to 19.0.13, 20.0.11, and 21.0.3. Thus fileystem limited tokens were able to gr ...
Show More |
|||||
| CVE-2021-32008 | 1 Secomea | 1 Gatemanager | 2024-11-21 | 8.5 HIGH | 9.9 CRITICAL |
|
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to restricted directory, allows logged in GateManager admin to delete system Files or Directories.
|
|||||
| CVE-2021-31850 | 2 Mcafee, Microsoft | 2 Database Security, Windows | 2024-11-21 | 4.9 MEDIUM | 6.1 MEDIUM |
|
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files in Windows system directories and other locations where sensitive data could be overwritten. The former could lead to a DoS, whilst the latter could lead to data destruction on the DBS server.
|
|||||
| CVE-2021-31831 | 1 Mcafee | 1 Database Security | 2024-11-21 | 6.5 MEDIUM | 4.9 MEDIUM |
|
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.
|
|||||
| CVE-2021-31600 | 1 Hitachi | 2 Vantara Pentaho, Vantara Pentaho Business Intelligence Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user (regardless of privileges) can list all valid usernames.
|
|||||
| CVE-2021-29969 | 1 Mozilla | 1 Thunderbird | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12.
|
|||||
| CVE-2021-29024 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private without authentication.
|
|||||
| CVE-2021-25741 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 5.5 MEDIUM | 8.8 HIGH |
|
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
|
|||||
| CVE-2021-25521 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet.
|
|||||
| CVE-2021-25004 | 1 Seur Oficial Project | 1 Seur Oficial | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server without restriction after knowing the URL and a password than an administrator can see in the plugin settings page.
|
|||||
| CVE-2021-24154 | 1 Themeeditor | 1 Theme Editor | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd
|
|||||
| CVE-2021-22769 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an attacker is not restricted or incorrectly restricted.
|
|||||
| CVE-2021-22015 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may exploit these issues to elevate their privileges to root on vCenter Server Appliance.
|
|||||
| CVE-2021-21429 | 1 Openapi-generator | 1 Openapi Generator | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process. The issue has been patched with `Files.createTempFile` and released in the v5.1.0 stable version.
|
|||||
| CVE-2021-21355 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
|
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects ha ...
Show More |
|||||
| CVE-2021-20253 | 1 Redhat | 1 Ansible Tower | 2024-11-21 | 3.5 LOW | 6.7 MEDIUM |
|
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
|||||
| CVE-2021-20182 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the cluster admin. The highest threat from this vulnerability is to data confidentiality and integrity as well as system ...
Show More |
|||||
| CVE-2021-20148 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
|
ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.
|
|||||
| CVE-2021-1512 | 1 Cisco | 23 Catalyst Sd-wan Manager, Sd-wan Vbond Orchestrator, Sd-wan Vmanage and 20 more | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
|
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on ...
Show More |
|||||
| CVE-2021-1434 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 6.6 MEDIUM | 4.4 MEDIUM |
|
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.
|
|||||
| CVE-2021-1361 | 1 Cisco | 49 Nexus 3000, Nexus 3100, Nexus 3100-z and 46 more | 2024-11-21 | 9.4 HIGH | 9.8 CRITICAL |
|
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit ...
Show More |
|||||
| CVE-2021-1256 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
|
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targete ...
Show More |
|||||
| CVE-2020-5356 | 1 Dell | 3 Powerprotect Data Manager, Powerprotect X400, Powerprotect X400 Firmware | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
|
Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines.
|
|||||
| CVE-2020-5289 | 1 Elide | 1 Elide | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
|
In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The presence or absence of models in the returned collection can be used to reconstruct the value of the inaccessible field. Resolved in Elide 4.5.14 and greater.
|
|||||
| CVE-2020-5250 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.9 MEDIUM | 7.6 HIGH |
|
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4.
|
|||||