Total
6539 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20669 | 1 Weseek | 1 Growi | 2024-08-03 | 4.7 Medium |
| Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administrator rights to read and/or delete an arbitrary path via a specially crafted URL. | ||||
| CVE-2021-20651 | 1 Elecom | 1 File Manager | 2024-08-03 | 9.1 Critical |
| Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors. | ||||
| CVE-2021-20661 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-08-03 | 8.1 High |
| Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | ||||
| CVE-2021-20247 | 3 Debian, Fedoraproject, Mbsync Project | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2024-08-03 | 7.4 High |
| A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2021-20218 | 1 Redhat | 16 A-mq Online, Amq Online, Build Of Quarkus and 13 more | 2024-08-03 | 7.4 High |
| A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability is to integrity and system availability. This has been fixed in kubernetes-client-4.13.2 kubernetes-client-5.0.2 kubernetes-client-4.11.2 kubernetes-client-4.7.2 | ||||
| CVE-2021-20206 | 2 Linuxfoundation, Redhat | 3 Container Network Interface, Container Native Virtualization, Openshift | 2024-08-03 | 7.2 High |
| An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2021-20090 | 1 Buffalo | 4 Wsr-2533dhp3-bk, Wsr-2533dhp3-bk Firmware, Wsr-2533dhpl2-bk and 1 more | 2024-08-03 | 9.8 Critical |
| A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. | ||||
| CVE-2021-20125 | 1 Draytek | 1 Vigorconnect | 2024-08-03 | 9.8 Critical |
| An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with root privileges. | ||||
| CVE-2021-20134 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-08-03 | 8.4 High |
| Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra or ripd). Subsequent log messages will be appended to the file, prefixed by a timestamp and some logging metadata. Remote code execution can be achieved by using this vulnerability to append to a shell script on the router's filesystem, and then awaiting or triggering the execution of that script. A remote, unauthenticated root shell can easily be obtained on the device in this fashion. | ||||
| CVE-2021-20078 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-08-03 | 9.1 Critical |
| Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS. | ||||
| CVE-2021-20072 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-08-03 | 7.2 High |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral. | ||||
| CVE-2021-20133 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2024-08-03 | 6.1 Medium |
| Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files. Such sensitive information as hashed credentials, hardcoded plaintext passwords for other services, configuration files, and private keys can be disclosed in this fashion. Improper handling of filenames that identify virtual resources, such as "/dev/urandom" allows an attacker to effect a denial of service attack against the command line interfaces of the Quagga services (zebra and ripd). | ||||
| CVE-2021-20040 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2024-08-03 | 7.5 High |
| A relative path traversal vulnerability in the SMA100 upload funtion allows a remote unauthenticated attacker to upload crafted web pages or files as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | ||||
| CVE-2021-20023 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2024-08-03 | 4.9 Medium |
| SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. | ||||
| CVE-2021-20034 | 1 Sonicwall | 9 Sma 200, Sma 200 Firmware, Sma 210 and 6 more | 2024-08-03 | 9.1 Critical |
| An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. | ||||
| CVE-2021-20030 | 1 Sonicwall | 1 Global Management System | 2024-08-03 | 7.5 High |
| SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files. | ||||
| CVE-2021-3178 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-08-03 | 6.5 Medium |
| fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior | ||||
| CVE-2021-3152 | 1 Home-assistant | 1 Home-assistant | 2024-08-03 | 5.3 Medium |
| Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation | ||||
| CVE-2021-3916 | 1 Bookstackapp | 1 Bookstack | 2024-08-03 | 6.5 Medium |
| bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ||||
| CVE-2021-3924 | 1 Getgrav | 1 Grav | 2024-08-03 | 7.5 High |
| grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ||||