Total
7176 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42771 | 2 Debian, Pocoo | 2 Debian Linux, Babel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. | |||||
CVE-2021-42767 | 1 Neo4j | 1 Awesome Procedures | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1. | |||||
CVE-2021-42753 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.5 HIGH | 8.1 HIGH |
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x and 5.8.x may allow an authenticated attacker to perform an arbitrary file and directory deletion in the device filesystem. | |||||
CVE-2021-42643 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability. | |||||
CVE-2021-42556 | 1 Rasa | 1 Rasa X | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file. | |||||
CVE-2021-42542 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. | |||||
CVE-2021-42261 | 1 Revisorlab | 1 Video Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server. | |||||
CVE-2021-42183 | 1 Masacms | 1 Masacms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/. | |||||
CVE-2021-42052 | 1 Ipesa | 1 E-flow | 2024-11-21 | N/A | 7.5 HIGH |
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter. | |||||
CVE-2021-42022 | 1 Siemens | 1 Simatic Easie Pcs 7 Skill | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. The affected file download function is disabled by default. | |||||
CVE-2021-42021 | 1 Siemens | 6 Siveillance Video Dlna Server, Siveillance Video Management Software 2019 R1, Siveillance Video Management Software 2019 R2 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1), Siveillance Video DLNA Server (2020 R2), Siveillance Video DLNA Server (2020 R3), Siveillance Video DLNA Server (2021 R1). The affected application contains a path traversal vulnerability that could allow an attacker to read arbitrary files on the server that are outside the application’s web document directory. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks. | |||||
CVE-2021-41950 | 1 Montala | 1 Resourcespace | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users. | |||||
CVE-2021-41636 | 1 Melag | 1 Ftp Server | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP server's root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply. | |||||
CVE-2021-41596 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality. | |||||
CVE-2021-41595 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality. | |||||
CVE-2021-41579 | 1 Laquisscada | 1 Scada | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution. | |||||
CVE-2021-41578 | 1 Myscada | 1 Mydesigner | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks when importing project files. If an attacker can trick a victim into importing a malicious mep file, then they gain the ability to write arbitrary files to OS locations where the user has permission. This would typically lead to code execution. | |||||
CVE-2021-41547 | 1 Siemens | 1 Teamcenter Active Workspace | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow an attacker to execute a remote shell with admin rights. | |||||
CVE-2021-41449 | 1 Netgear | 6 Rax35, Rax35 Firmware, Rax38 and 3 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet. | |||||
CVE-2021-41381 | 1 Payara | 1 Micro Community | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
Payara Micro Community 5.2021.6 and below allows Directory Traversal. |