Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37447 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. | |||||
| CVE-2021-37446 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading. | |||||
| CVE-2021-37445 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading. | |||||
| CVE-2021-37444 | 1 Nchsoftware | 1 Ivm Attendant | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function. | |||||
| CVE-2021-37443 | 1 Nchsoftware | 1 Ivm Attendant | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | |||||
| CVE-2021-37442 | 1 Nchsoftware | 1 Ivm Attendant | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. | |||||
| CVE-2021-37441 | 1 Nch | 1 Axon Pbx | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | |||||
| CVE-2021-37440 | 1 Nch | 1 Axon Pbx | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | |||||
| CVE-2021-37439 | 1 Nch | 1 Flexiserver | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability. | |||||
| CVE-2021-37367 | 1 Ctparental Project | 1 Ctparental | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands. | |||||
| CVE-2021-37347 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. | |||||
| CVE-2021-37343 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. | |||||
| CVE-2021-37293 | 1 Kevinlab | 1 4st L-bems | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php. | |||||
| CVE-2021-37200 | 1 Siemens | 1 Sinec Network Management System | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request. | |||||
| CVE-2021-37196 | 1 Siemens | 1 Comos | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice. | |||||
| CVE-2021-37130 | 1 Huawei | 2 Fusioncube, Fusioncube Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. | |||||
| CVE-2021-37128 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file. | |||||
| CVE-2021-37126 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed. | |||||
| CVE-2021-37124 | 1 Huawei | 2 Pc Smart Full Scene, Pcmanager | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain path.Affected product versions include:PC Smart Full Scene 11.1 versions PCManager 11.1.1.97. | |||||
| CVE-2021-37099 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete any file. | |||||