Total
6534 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34820 | 1 Aat | 1 Novus Management System | 2024-08-04 | 7.5 High |
| Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data. The issue was discovered in the NMS (Novus Management System) software through 1.51.2 | ||||
| CVE-2021-34638 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2024-08-04 | 6.5 Medium |
| Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+ users to perform XSS attacks, by setting Download template to a file containing configuration information or an uploaded JavaScript with an image extension This issue affects: WordPress Download Manager version 3.1.24 and prior versions. | ||||
| CVE-2021-34553 | 1 Sonatype | 1 Nexus Repository Manager | 2024-08-04 | 4.3 Medium |
| Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. | ||||
| CVE-2021-34436 | 1 Eclipse | 1 Theia | 2024-08-04 | 9.8 Critical |
| In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default. | ||||
| CVE-2021-34363 | 2 Fedoraproject, The Fuck Project | 2 Fedora, The Fuck | 2024-08-04 | 9.1 Critical |
| The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | ||||
| CVE-2021-34129 | 1 Laiketui | 1 Laiketui | 2024-08-04 | 8.1 High |
| LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter. | ||||
| CVE-2021-33896 | 2 Dino, Fedoraproject | 2 Dino, Fedora | 2024-08-04 | 5.3 Medium |
| Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. | ||||
| CVE-2021-33800 | 1 Alibaba | 1 Druid | 2024-08-03 | 7.5 High |
| In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | ||||
| CVE-2021-33807 | 1 Gespage | 1 Gespage | 2024-08-03 | 7.5 High |
| Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. | ||||
| CVE-2021-33725 | 1 Siemens | 1 Sinec Nms | 2024-08-03 | 9.1 Critical |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | ||||
| CVE-2021-33724 | 1 Siemens | 1 Sinec Nms | 2024-08-03 | 9.1 Critical |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path. | ||||
| CVE-2021-33726 | 1 Siemens | 1 Sinec Nms | 2024-08-03 | 7.5 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory. | ||||
| CVE-2021-33722 | 1 Siemens | 1 Sinec Nms | 2024-08-03 | 4.9 Medium |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system. | ||||
| CVE-2021-33692 | 1 Sap | 1 Cloud Connector | 2024-08-03 | 7.5 High |
| SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories. | ||||
| CVE-2021-33685 | 1 Sap | 1 Business One | 2024-08-03 | 6.5 Medium |
| SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data | ||||
| CVE-2021-33576 | 1 Cleo | 1 Lexicom | 2024-08-03 | 9.8 Critical |
| An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk. | ||||
| CVE-2021-33497 | 1 Dutchcoders | 1 Transfer.sh | 2024-08-03 | 9.1 Critical |
| Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. | ||||
| CVE-2021-33491 | 1 Open-xchange | 1 Ox App Suite | 2024-08-03 | 6.5 Medium |
| OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. | ||||
| CVE-2021-33353 | 1 Wyomind | 1 Help Desk | 2024-08-03 | 9.8 Critical |
| Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting. | ||||
| CVE-2021-33354 | 1 Htmly | 1 Htmly | 2024-08-03 | 8.1 High |
| Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. | ||||