Total: 6538 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-27276 | 1 Netgear | 1 Prosafe Network Management System | 2024-08-03 | 7.1 High |
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MibController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12122. | ||||
CVE-2021-27272 | 1 Netgear | 1 Prosafe Network Management System | 2024-08-03 | 7.1 High |
This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ReportTemplateController class. When parsing the path parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12123. | ||||
CVE-2021-27065 | 1 Microsoft | 1 Exchange Server | 2024-08-03 | 7.8 High |
Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
CVE-2021-27030 | 1 Autodesk | 1 Fbx Review | 2024-08-03 | 7.8 High |
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system. | ||||
CVE-2021-26814 | 1 Wazuh | 1 Wazuh | 2024-08-03 | 8.8 High |
Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via the /manager/files URI. A user authenticated to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service script. | ||||
CVE-2021-26719 | 1 Gradle | 3 Enterprise Test Distribution Agent, Maven, Test Distribution | 2024-08-03 | 6.5 Medium |
A directory traversal issue was discovered in Gradle gradle-enterprise-test-distribution-agent before 1.3.2, test-distribution-gradle-plugin before 1.3.2, and gradle-enterprise-maven-extension before 1.8.2. A malicious actor (with certain credentials) can perform a registration step such that crafted TAR archives lead to extraction of files into arbitrary filesystem locations. | ||||
CVE-2021-26736 | 1 Zscaler | 1 Client Connector | 2024-08-03 | 6.7 Medium |
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges. | ||||
CVE-2021-26575 | 1 Hpe | 2 Apollo 70 System, Baseboard Management Controller | 2024-08-03 | 7.8 High |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in the libifc.so webdeletesolvideofile function. | ||||
CVE-2021-26619 | 2 Bigfile, Microsoft | 2 Bigfileagent, Windows | 2024-08-03 | 7.1 High |
A path traversal vulnerability leading to deletion of arbitrary files was discovered in BigFileAgent. Remote attackers can use this vulnerability to delete arbitrary files of an unspecified number of users. | ||||
CVE-2021-26629 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-08-03 | 8.8 High |
A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..\’. | ||||
CVE-2021-26574 | 1 Hpe | 2 Apollo 70 System, Baseboard Management Controller | 2024-08-03 | 7.8 High |
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in the libifc.so webdeletevideofile function. | ||||
CVE-2021-26601 | 1 Impresscms | 1 Impresscms | 2024-08-03 | 8.1 High |
ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal. | ||||
CVE-2021-26294 | 1 Afterlogic | 2 Aurora, Webmail Pro | 2024-08-03 | 7.5 High |
An issue was discovered in AfterLogic Aurora through 7.7.9 and WebMail Pro through 7.7.9. They allow directory traversal to read files (such as a data/settings/settings.xml file containing admin panel credentials), as demonstrated by dav/server.php/files/personal/%2e%2e when using the caldav_public_user account (with caldav_public_user as its password). | ||||
CVE-2021-26293 | 1 Afterlogic | 2 Aurora, Webmail Pro | 2024-08-03 | 9.8 Critical |
An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x. | ||||
CVE-2021-25864 | 1 Dgtl | 1 Huemagic | 2024-08-03 | 7.5 High |
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file. | ||||
CVE-2021-25833 | 1 Onlyoffice | 1 Document Server | 2024-08-03 | 9.8 Critical |
A file extension handling issue was found in the [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code execution on DocumentServer. | ||||
CVE-2021-25511 | 1 Google | 1 Android | 2024-08-03 | 6.3 Medium |
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. | ||||
CVE-2021-25485 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write a file as system UID via BT remote socket. | ||||
CVE-2021-25452 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-08-03 | 5.5 Medium |
An improper input validation vulnerability when loading a graph file in the DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. | ||||
CVE-2021-25450 | 1 Google | 1 Android | 2024-08-03 | 4.5 Medium |
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write a file as system UID via remote socket. |