Total
7108 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33725 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 5.0 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | |||||
| CVE-2021-33724 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 5.0 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path. | |||||
| CVE-2021-33722 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system. | |||||
| CVE-2021-33692 | 1 Sap | 1 Cloud Connector | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories. | |||||
| CVE-2021-33685 | 1 Sap | 1 Business One | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data | |||||
| CVE-2021-33576 | 1 Cleo | 1 Lexicom | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk. | |||||
| CVE-2021-33555 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | |||||
| CVE-2021-33497 | 1 Dutchcoders | 1 Transfer.sh | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. | |||||
| CVE-2021-33491 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. | |||||
| CVE-2021-33354 | 1 Htmly | 1 Htmly | 2024-11-21 | N/A | 8.1 HIGH |
| Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. | |||||
| CVE-2021-33215 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. | |||||
| CVE-2021-33211 | 1 Element-it | 1 Http Commander | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives. | |||||
| CVE-2021-33203 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. | |||||
| CVE-2021-33183 | 1 Synology | 1 Docker | 2024-11-21 | 3.6 LOW | 7.9 HIGH |
| Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors. | |||||
| CVE-2021-33178 | 1 Nagvis | 1 Nagvis | 2024-11-21 | 8.5 HIGH | 6.5 MEDIUM |
| The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system. | |||||
| CVE-2021-33036 | 1 Apache | 1 Hadoop | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | |||||
| CVE-2021-33005 | 1 Myscada | 1 Mypro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories. | |||||
| CVE-2021-32981 | 1 Aveva | 1 System Platform | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. | |||||
| CVE-2021-32964 | 1 Aggsoft | 1 Webserver | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system. | |||||
| CVE-2021-32954 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. | |||||