Total
6550 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46856 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-46830 | 1 Helpsystems | 1 Goanywhere Managed File Transfer | 2024-11-21 | N/A | 6.5 MEDIUM |
| A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. | |||||
| CVE-2021-46421 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | |||||
| CVE-2021-46420 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | |||||
| CVE-2021-46417 | 1 Franklinfueling | 2 Colibri, Colibri Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580. | |||||
| CVE-2021-46381 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow]. | |||||
| CVE-2021-46203 | 1 Taogogo | 1 Taocms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. | |||||
| CVE-2021-46104 | 1 Webp | 1 Webp Server Go | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server. | |||||
| CVE-2021-45967 | 2 Igniterealtime, Pascom | 2 Openfire, Cloud Phone System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. | |||||
| CVE-2021-45887 | 1 Ponton | 1 X\/p Messenger | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI. | |||||
| CVE-2021-45783 | 1 Bookeen | 2 Notea, Notea Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information. | |||||
| CVE-2021-45746 | 1 Webank | 1 Wecube | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java. | |||||
| CVE-2021-45712 | 1 Rust-embed Project | 1 Rust-embed | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode. | |||||
| CVE-2021-45452 | 2 Djangoproject, Fedoraproject | 2 Django, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it. | |||||
| CVE-2021-45448 | 1 Hitachi | 1 Vantara Pentaho | 2024-11-21 | N/A | 7.1 HIGH |
| Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. | |||||
| CVE-2021-45427 | 1 Emerson | 2 Xweb300d Evo, Xweb300d Evo Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. | |||||
| CVE-2021-45418 | 1 Starcharge | 4 Nova 360 Cabinet, Nova 360 Cabinet Firmware, Titan 180 Premium and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0. | |||||
| CVE-2021-45286 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. | |||||
| CVE-2021-45043 | 1 Hd-network Real-time Monitoring System Project | 1 Hd-network Real-time Monitoring System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter. | |||||
| CVE-2021-45015 | 1 Taogogo | 1 Taocms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. | |||||