Total: 7638 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-34711 | 1 Cisco | 32 Ip Conference Phone 7832, Ip Conference Phone 7832 Firmware, Ip Conference Phone 8832 and 29 more | 2024-11-21 | 5.5 Medium |
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system. | ||||
CVE-2021-34701 | 1 Cisco | 3 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection | 2024-11-21 | 4.3 Medium |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system. | ||||
CVE-2021-34594 | 1 Beckhoff | 4 Tf6100, Tf6100 Firmware, Ts6100 and 1 more | 2024-11-21 | 6.5 Medium |
TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 is prone to a relative path traversal that allows administrators to create or delete any files on the system. | ||||
CVE-2021-34553 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 4.3 Medium |
Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been granted access. | ||||
CVE-2021-34436 | 1 Eclipse | 1 Theia | 2024-11-21 | 9.8 Critical |
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default. | ||||
CVE-2021-34422 | 1 Keybase | 1 Keybase | 2024-11-21 | 7.2 High |
The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution. | ||||
CVE-2021-34363 | 2 Fedoraproject, The Fuck Project | 2 Fedora, The Fuck | 2024-11-21 | 9.1 Critical |
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | ||||
CVE-2021-34129 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 8.1 High |
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter. | ||||
CVE-2021-33896 | 2 Dino, Fedoraproject | 2 Dino, Fedora | 2024-11-21 | 5.3 Medium |
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. | ||||
CVE-2021-33807 | 1 Gespage | 1 Gespage | 2024-11-21 | 7.5 High |
Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. | ||||
CVE-2021-33800 | 1 Alibaba | 1 Druid | 2024-11-21 | 7.5 High |
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | ||||
CVE-2021-33726 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.5 High |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows arbitrary files to be downloaded under a user-controlled path and does not correctly check whether the relative path is still within the intended target directory. | ||||
CVE-2021-33725 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 9.1 Critical |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows arbitrary files or directories to be deleted under a user-controlled path and does not correctly check whether the relative path is still within the intended target directory. | ||||
CVE-2021-33724 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 9.1 Critical |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows an arbitrary file or directory under a user-controlled path to be deleted. | ||||
CVE-2021-33722 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 4.9 Medium |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system. | ||||
CVE-2021-33692 | 1 Sap | 1 Cloud Connector | 2024-11-21 | 7.5 High |
SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers to escape outside of the restricted location to access files or directories. | ||||
CVE-2021-33685 | 1 Sap | 1 Business One | 2024-11-21 | 6.5 Medium |
SAP Business One version - 10.0 allows a low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data. | ||||
CVE-2021-33576 | 1 Cleo | 1 Lexicom | 2024-11-21 | 9.8 Critical |
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk. | ||||
CVE-2021-33555 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as- Z2-eth.eip, Wha-gw-f2d2-0-as- Z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2024-11-21 | 7.5 High |
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | ||||
CVE-2021-33497 | 1 Dutchcoders | 1 Transfer.sh | 2024-11-21 | 9.1 Critical |
Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. |