Total
6551 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42556 | 1 Rasa | 1 Rasa X | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file. | |||||
| CVE-2021-42542 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
| The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. | |||||
| CVE-2021-42261 | 1 Revisorlab | 1 Video Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server. | |||||
| CVE-2021-42183 | 1 Masacms | 1 Masacms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/. | |||||
| CVE-2021-42052 | 1 Ipesa | 1 E-flow | 2024-11-21 | N/A | 7.5 HIGH |
| IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter. | |||||
| CVE-2021-42022 | 1 Siemens | 1 Simatic Easie Pcs 7 Skill | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. The affected file download function is disabled by default. | |||||
| CVE-2021-42021 | 1 Siemens | 6 Siveillance Video Dlna Server, Siveillance Video Management Software 2019 R1, Siveillance Video Management Software 2019 R2 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks. | |||||
| CVE-2021-42013 | 4 Apache, Fedoraproject, Netapp and 1 more | 6 Http Server, Fedora, Cloud Backup and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions. | |||||
| CVE-2021-41950 | 1 Montala | 1 Resourcespace | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users. | |||||
| CVE-2021-41773 | 4 Apache, Fedoraproject, Netapp and 1 more | 4 Http Server, Fedora, Cloud Backup and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013. | |||||
| CVE-2021-41636 | 1 Melag | 1 Ftp Server | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply. | |||||
| CVE-2021-41596 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality. | |||||
| CVE-2021-41595 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality. | |||||
| CVE-2021-41579 | 1 Laquisscada | 1 Scada | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution. | |||||
| CVE-2021-41578 | 1 Myscada | 1 Mydesigner | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution. | |||||
| CVE-2021-41547 | 1 Siemens | 1 Teamcenter Active Workspace | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow and attacker to execute a remote shell with admin rights. | |||||
| CVE-2021-41449 | 1 Netgear | 6 Rax35, Rax35 Firmware, Rax38 and 3 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet. | |||||
| CVE-2021-41381 | 1 Payara | 1 Micro Community | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Payara Micro Community 5.2021.6 and below allows Directory Traversal. | |||||
| CVE-2021-41324 | 1 Pydio | 1 Cells | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete). | |||||
| CVE-2021-41323 | 1 Pydio | 1 Cells | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. | |||||