Vulnerabilities (CVE)

Filtered by CWE-22
Total 6551 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-31538 1 Lancom-systems 6 Lcos Fx, Uf-160, Uf-260 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal.
CVE-2021-31421 1 Parallels 1 Parallels Desktop 2024-11-21 2.1 LOW 6.0 MEDIUM
This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete arbitrary files in the context of the hypervisor. Was ZDI-CAN-12129.
CVE-2021-31385 1 Juniper 1 Junos 2024-11-21 8.5 HIGH 8.8 HIGH
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2.
CVE-2021-31272 1 Serenityos 1 Serenityos 2024-11-21 7.5 HIGH 9.8 CRITICAL
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31156 2024-11-21 N/A 7.5 HIGH
Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data.
CVE-2021-30635 1 Sonatype 1 Nexus Repository Manager 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote attacker to get a list of files and directories that exist in a UI-related folder via directory traversal (no customer-specific data is exposed).
CVE-2021-30497 1 Ivanti 1 Avalanche 2024-11-21 5.0 MEDIUM 7.5 HIGH
Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.
CVE-2021-30483 1 Isomorphic-git 1 Isomorphic-git 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository.
CVE-2021-30048 1 Novel Boutique House-plus Project 1 Novel Boutique House-plus 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (Novel Boutique House-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.
CVE-2021-29695 1 Ibm 6 8335-gca, 8335-gca Firmware, 8335-gta and 3 more 2024-11-21 8.5 HIGH 6.5 MEDIUM
IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request that would allow them to delete arbitrary files on the system. IBM X-Force ID: 200558.
CVE-2021-29492 1 Envoyproxy 1 Envoy 2024-11-21 7.5 HIGH 8.1 HIGH
Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g. a block on `/admin`. A backend server could then decode slash sequences and normalize the path, providing an attacker access beyond the scope provided for by the access control policy. Impact: Escalation of Privileges when using RBAC or JWT filters with enforcement based on URL path. Users with back end servers that interpret `%2F` and `/` and `%5C` and `\` interchangeably are impacted. Attack Vector: URL paths containing escaped slash characters delivered by an untrusted client. Patches in versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain a new path normalization option to decode escaped slash characters. As a workaround, if back end servers treat `%2F` and `/` and `%5C` and `\` interchangeably and a URL path based access control is configured, one may reconfigure the back end server to not treat `%2F` and `/` and `%5C` and `\` interchangeably.
CVE-2021-29474 1 Hedgedoc 1 Hedgedoc 2024-11-21 5.0 MEDIUM 4.7 MEDIUM
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker can read arbitrary `.md` files from the server's filesystem due to improper input validation, which results in the ability to perform a relative path traversal. To verify if you are affected, you can try to open the following URL: `http://localhost:3000/..%2F..%2FREADME#` (replace `http://localhost:3000` with your instance's base-URL e.g. `https://demo.hedgedoc.org/..%2F..%2FREADME#`). If you see a README page being rendered, you run an affected version. The attack works due to the fact that the internal router passes the url-encoded alias to the `noteController.showNote`-function. This function passes the input directly to the findNote() utility function, which passes it on to the parseNoteId()-function, which tries to make sense out of the noteId/alias and checks if a note already exists and if so, if a corresponding file on disk was updated. If no note exists, the note creation-function is called, which passes this unvalidated alias, with a `.md` appended, into a path.join()-function which is read from the filesystem in the follow up routine and provides the pre-filled content of the new note. This allows an attacker to not only read arbitrary `.md` files from the filesystem, but also observe changes to them. The usefulness of this attack can be considered limited, since mainly markdown files use the file-ending `.md` and all markdown files contained in the hedgedoc project, like the README, are public anyway. If other protections such as a chroot or container or proper file permissions are in place, this attack's usefulness is rather limited. On a reverse-proxy level one can force a URL-decode, which will prevent this attack because the router will not accept such a path.
CVE-2021-29466 1 Discord 1 Discord-recon 2024-11-21 5.0 MEDIUM 6.5 MEDIUM
Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file `app.py` and add `.replace('..', '')` into the `Path` variable inside of the `recon` function. The vulnerability is patched in version 0.0.4.
CVE-2021-29425 4 Apache, Debian, Netapp and 1 more 60 Commons Io, Debian Linux, Active Iq Unified Manager and 57 more 2024-11-21 5.8 MEDIUM 4.8 MEDIUM
In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
CVE-2021-29417 1 Gitjacker Project 1 Gitjacker 2024-11-21 7.5 HIGH 9.8 CRITICAL
gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git directory because of directory traversal.
CVE-2021-29398 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application.
CVE-2021-29395 1 Globalnorthstar 1 Northstar Club Management 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory traversal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application.
CVE-2021-29246 1 Btcpayserver 1 Btcpay Server 2024-11-21 6.5 MEDIUM 6.7 MEDIUM
BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory.
CVE-2021-29212 1 Hp 1 Ilo Amplifier Pack 2024-11-21 10.0 HIGH 9.8 CRITICAL
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code, leading to complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance.
CVE-2021-29157 2 Dovecot, Fedoraproject 2 Dovecot, Fedora 2024-11-21 2.1 LOW 7.5 HIGH
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.