Total
6539 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22013 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 7.5 High |
| The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | ||||
| CVE-2021-22114 | 1 Vmware | 1 Spring Integration Zip | 2024-08-03 | 5.3 Medium |
| Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. | ||||
| CVE-2021-22005 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 9.8 Critical |
| The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. | ||||
| CVE-2021-21972 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-03 | 9.8 Critical |
| The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). | ||||
| CVE-2021-21904 | 1 Garrett | 1 Ic Module Cma | 2024-08-03 | 7.2 High |
| A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability | ||||
| CVE-2021-21909 | 1 Garrett | 2 Ic Module, Ic Module Firmware | 2024-08-03 | 8.1 High |
| Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability | ||||
| CVE-2021-21908 | 1 Garrett | 2 Ic Module, Ic Module Firmware | 2024-08-03 | 6.5 Medium |
| Specially-crafted command line arguments can lead to arbitrary file deletion. The handle_delete function does not attempt to sanitize or otherwise validate the contents of the [file] parameter (passed to the function as argv[1]), allowing an authenticated attacker to supply directory traversal primitives and delete semi-arbitrary files. | ||||
| CVE-2021-21907 | 1 Garrett | 1 Ic Module Cma | 2024-08-03 | 4.9 Medium |
| A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability. | ||||
| CVE-2021-21896 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-08-03 | 6.5 Medium |
| A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2021-21894 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-08-03 | 9.1 Critical |
| A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2021-21895 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-08-03 | 7.2 High |
| A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2021-21886 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-08-03 | 4.3 Medium |
| A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2021-21885 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-08-03 | 7.2 High |
| A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2021-21879 | 1 Lantronix | 1 Premierwave 2050 | 2024-08-03 | 8.8 High |
| A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2021-21880 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-08-03 | 7.2 High |
| A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2021-21696 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 9.8 Critical |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process. | ||||
| CVE-2021-21697 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 9.1 Critical |
| Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. | ||||
| CVE-2021-21683 | 2 Jenkins, Microsoft | 2 Jenkins, Windows | 2024-08-03 | 6.5 Medium |
| The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files. | ||||
| CVE-2021-21695 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 8.8 High |
| FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | ||||
| CVE-2021-21688 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-03 | 7.5 High |
| The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo). | ||||