Total
7108 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-35250 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | |||||
CVE-2021-35230 | 1 Solarwinds | 1 Kiwi Cattools | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. | |||||
CVE-2021-35054 | 1 Minecraft | 1 Minecraft | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files. | |||||
CVE-2021-35027 | 1 Zyxel | 2 Zywall Vpn2s, Zywall Vpn2s Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information. | |||||
CVE-2021-34860 | 1 Dlink | 2 Dap-2020, Dap-2020 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103. | |||||
CVE-2021-34820 | 1 Aat | 1 Novus Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data. The issue was discovered in the NMS (Novus Management System) software through 1.51.2 | |||||
CVE-2021-34805 | 1 Land-software | 1 Faust Iserver | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal. | |||||
CVE-2021-34762 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device. | |||||
CVE-2021-34711 | 1 Cisco | 32 Ip Conference Phone 7832, Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 and 29 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system. | |||||
CVE-2021-34701 | 1 Cisco | 3 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system. | |||||
CVE-2021-34594 | 1 Beckhoff | 4 Tf6100, Tf6100 Firmware, Ts6100 and 1 more | 2024-11-21 | 8.5 HIGH | 6.5 MEDIUM |
TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system. | |||||
CVE-2021-34553 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. | |||||
CVE-2021-34436 | 1 Eclipse | 1 Theia | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default. | |||||
CVE-2021-34422 | 1 Keybase | 1 Keybase | 2024-11-21 | 6.0 MEDIUM | 7.2 HIGH |
The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution. | |||||
CVE-2021-34363 | 2 Fedoraproject, The Fuck Project | 2 Fedora, The Fuck | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | |||||
CVE-2021-34129 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter. | |||||
CVE-2021-33896 | 2 Dino, Fedoraproject | 2 Dino, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. | |||||
CVE-2021-33807 | 1 Gespage | 1 Gespage | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. | |||||
CVE-2021-33800 | 1 Alibaba | 1 Druid | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | |||||
CVE-2021-33726 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory. |