Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40001 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable. | |||||
| CVE-2021-3960 | 1 Bitdefender | 1 Gravityzone | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272 | |||||
| CVE-2021-3924 | 1 Getgrav | 1 Grav | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||
| CVE-2021-3916 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||
| CVE-2021-3907 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 7.5 HIGH | 7.4 HIGH |
| OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. | |||||
| CVE-2021-3874 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||
| CVE-2021-3856 | 1 Redhat | 1 Keycloak | 2024-11-21 | N/A | 4.3 MEDIUM |
| ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available. | |||||
| CVE-2021-3823 | 1 Bitdefender | 1 Gravityzone | 2024-11-21 | 7.5 HIGH | 7.1 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249. | |||||
| CVE-2021-3806 | 1 Tubitak | 1 Pardus Software Center | 2024-11-21 | 7.1 HIGH | 5.3 MEDIUM |
| A path traversal vulnerability on Pardus Software Center's "extractArchive" function could allow anyone on the same network to do a man-in-the-middle and write files on the system. | |||||
| CVE-2021-3762 | 1 Redhat | 2 Clair, Quay | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. | |||||
| CVE-2021-3710 | 1 Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 4.7 MEDIUM | 6.5 MEDIUM |
| An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; | |||||
| CVE-2021-3709 | 1 Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; | |||||
| CVE-2021-3688 | 1 Redhat | 1 Jboss Core Services Httpd | 2024-11-21 | N/A | 4.8 MEDIUM |
| A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-3374 | 1 Rstudio | 1 Shiny Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash. | |||||
| CVE-2021-3341 | 1 Dh2i | 2 Dxenterprise, Dxodyssey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for Windows, version 19.5 through 20.x before 20.0.219.0, allows an attacker to read any file on the host file system via an HTTP request. | |||||
| CVE-2021-3281 | 3 Djangoproject, Fedoraproject, Netapp | 3 Django, Fedora, Snapcenter | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments. | |||||
| CVE-2021-3223 | 1 Nodered | 1 Node-red-dashboard | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. | |||||
| CVE-2021-3199 | 1 Onlyoffice | 1 Document Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter. | |||||
| CVE-2021-3178 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior | |||||
| CVE-2021-3152 | 1 Home-assistant | 1 Home-assistant | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation | |||||