Total
6525 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-37500 | 1 Reprisesoftware | 1 Reprise License Manager | 2024-08-04 | 8.1 High |
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file on the server. | ||||
CVE-2021-37469 | 1 Nch | 1 Webdictate | 2024-08-04 | 6.5 Medium |
In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem. | ||||
CVE-2021-37445 | 1 Nchsoftware | 1 Quorum | 2024-08-04 | 6.5 Medium |
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading. | ||||
CVE-2021-37343 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 8.8 High |
A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and could lead to post authenticated RCE under security context of the user running Nagios. | ||||
CVE-2021-37447 | 1 Nchsoftware | 1 Quorum | 2024-08-04 | 8.1 High |
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. | ||||
CVE-2021-37367 | 1 Ctparental Project | 1 Ctparental | 2024-08-04 | 7.8 High |
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because the file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands. | ||||
CVE-2021-37443 | 1 Nchsoftware | 1 Ivm Attendant | 2024-08-04 | 8.1 High |
NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | ||||
CVE-2021-37347 | 1 Nagios | 1 Nagios Xi | 2024-08-04 | 7.8 High |
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh does not validate the directory name it receives as an argument. | ||||
CVE-2021-37446 | 1 Nchsoftware | 1 Quorum | 2024-08-04 | 4.3 Medium |
In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading. | ||||
CVE-2021-37200 | 1 Siemens | 1 Sinec Network Management System | 2024-08-04 | 7.7 High |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request. | ||||
CVE-2021-37196 | 1 Siemens | 1 Comos | 2024-08-04 | 6.5 Medium |
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice. | ||||
CVE-2021-37444 | 1 Nchsoftware | 1 Ivm Attendant | 2024-08-04 | 8.8 High |
NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the inbuilt Autodial function. | ||||
CVE-2021-37441 | 1 Nch | 1 Axon Pbx | 2024-08-04 | 8.8 High |
NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | ||||
CVE-2021-37440 | 1 Nch | 1 Axon Pbx | 2024-08-04 | 6.5 Medium |
NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | ||||
CVE-2021-37439 | 1 Nch | 1 Flexiserver | 2024-08-04 | 6.5 Medium |
NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability. | ||||
CVE-2021-37442 | 1 Nchsoftware | 1 Ivm Attendant | 2024-08-04 | 6.5 Medium |
NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. | ||||
CVE-2021-37317 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2024-08-04 | 9.1 Critical |
Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. | ||||
CVE-2021-37293 | 1 Kevinlab | 1 4st L-bems | 2024-08-04 | 6.5 Medium |
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php. | ||||
CVE-2021-37130 | 1 Huawei | 2 Fusioncube, Fusioncube Firmware | 2024-08-04 | 7.5 High |
There is a path traversal vulnerability in Huawei FusionCube 6.0.2. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. | ||||
CVE-2021-35958 | 1 Google | 1 Tensorflow | 2024-08-04 | 9.1 Critical |
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives |