Total
6537 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31156 | 2024-08-03 | 7.5 High | ||
| Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data. | ||||
| CVE-2021-30635 | 1 Sonatype | 1 Nexus Repository Manager | 2024-08-03 | 5.3 Medium |
| Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed). | ||||
| CVE-2021-30483 | 2 Isomorphic-git, Redhat | 3 Isomorphic-git, Rhev Hypervisor, Rhev Manager | 2024-08-03 | 5.3 Medium |
| isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository. | ||||
| CVE-2021-30497 | 1 Ivanti | 1 Avalanche | 2024-08-03 | 7.5 High |
| Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value. | ||||
| CVE-2021-30048 | 1 Novel Boutique House-plus Project | 1 Novel Boutique House-plus | 2024-08-03 | 5.3 Medium |
| Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter. | ||||
| CVE-2021-27798 | 1 Broadcom | 1 Fabric Operating System | 2024-08-03 | 5.5 Medium |
| A vulnerability in Brocade Fabric OS versions v7.4.1b and v7.3.1d could allow local users to conduct privileged directory transversal. Brocade Fabric OS versions v7.4.1.x and v7.3.x have reached end of life. Brocade Fabric OS Users should upgrade to supported versions as described in the Product End-of-Life Publish report | ||||
| CVE-2021-29466 | 1 Discord | 1 Discord-recon | 2024-08-03 | 6.5 Medium |
| Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file `app.py` and add `.replace('..', '')` into the `Path` variable inside of the `recon` function. The vulnerability is patched in version 0.0.4. | ||||
| CVE-2021-29474 | 1 Hedgedoc | 1 Hedgedoc | 2024-08-03 | 4.7 Medium |
| HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to an improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can try to open the following URL: `http://localhost:3000/..%2F..%2FREADME#` (replace `http://localhost:3000` with your instance's base-URL e.g. `https://demo.hedgedoc.org/..%2F..%2FREADME#`). If you see a README page being rendered, you run an affected version. The attack works due the fact that the internal router passes the url-encoded alias to the `noteController.showNote`-function. This function passes the input directly to findNote() utility function, that will pass it on the the parseNoteId()-function, that tries to make sense out of the noteId/alias and check if a note already exists and if so, if a corresponding file on disk was updated. If no note exists the note creation-function is called, which pass this unvalidated alias, with a `.md` appended, into a path.join()-function which is read from the filesystem in the follow up routine and provides the pre-filled content of the new note. This allows an attacker to not only read arbitrary `.md` files from the filesystem, but also observes changes to them. The usefulness of this attack can be considered limited, since mainly markdown files are use the file-ending `.md` and all markdown files contained in the hedgedoc project, like the README, are public anyway. If other protections such as a chroot or container or proper file permissions are in place, this attack's usefulness is rather limited. On a reverse-proxy level one can force a URL-decode, which will prevent this attack because the router will not accept such a path. | ||||
| CVE-2021-29492 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-08-03 | 8.1 High |
| Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g. a block on `/admin`. A backend server could then decode slash sequences and normalize path and provide an attacker access beyond the scope provided for by the access control policy. ### Impact Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret `%2F` and `/` and `%5C` and `\` interchangeably are impacted. ### Attack Vector URL paths containing escaped slash characters delivered by untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat `%2F` and `/` and `%5C` and `\` interchangeably and a URL path based access control is configured, one may reconfigure the back end server to not treat `%2F` and `/` and `%5C` and `\` interchangeably. | ||||
| CVE-2021-29395 | 1 Globalnorthstar | 1 Northstar Club Management | 2024-08-03 | 7.5 High |
| Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application. | ||||
| CVE-2021-29417 | 1 Gitjacker Project | 1 Gitjacker | 2024-08-03 | 9.8 Critical |
| gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal. | ||||
| CVE-2021-29398 | 1 Globalnorthstar | 1 Northstar Club Management | 2024-08-03 | 5.3 Medium |
| Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application. | ||||
| CVE-2021-29425 | 5 Apache, Debian, Netapp and 2 more | 69 Commons Io, Debian Linux, Active Iq Unified Manager and 66 more | 2024-08-03 | 4.8 Medium |
| In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | ||||
| CVE-2021-29246 | 1 Btcpayserver | 1 Btcpay Server | 2024-08-03 | 6.7 Medium |
| BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory. | ||||
| CVE-2021-29212 | 1 Hp | 1 Ilo Amplifier Pack | 2024-08-03 | 9.8 Critical |
| A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance. | ||||
| CVE-2021-29157 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-08-03 | 7.5 High |
| Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver. | ||||
| CVE-2021-29134 | 1 Gitea | 1 Gitea | 2024-08-03 | 5.3 Medium |
| The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. | ||||
| CVE-2021-29006 | 1 Rconfig | 1 Rconfig | 2024-08-03 | 6.5 Medium |
| rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server. | ||||
| CVE-2021-28966 | 2 Microsoft, Ruby-lang | 2 Windows, Ruby | 2024-08-03 | 7.5 High |
| In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. | ||||
| CVE-2021-28959 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-08-03 | 9.8 Critical |
| Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution. | ||||