Total
7067 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39109 | 1 Atlassian | 1 Atlasboard | 2024-11-21 | 7.5 High |
| The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. | ||||
| CVE-2021-38758 | 1 Online Catering Reservation System Project | 1 Online Catering Reservation System | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of validation in index.php. | ||||
| CVE-2021-38693 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.3 Medium |
| A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later | ||||
| CVE-2021-38612 | 1 Nascent | 1 Remkon Device Manager | 2024-11-21 | 7.5 High |
| In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL. | ||||
| CVE-2021-38511 | 1 Tar Project | 1 Tar | 2024-11-21 | 7.5 High |
| An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal. | ||||
| CVE-2021-38460 | 1 Moxa | 1 Mxview | 2024-11-21 | 7.5 High |
| A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | ||||
| CVE-2021-38454 | 1 Moxa | 1 Mxview | 2024-11-21 | 10 Critical |
| A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | ||||
| CVE-2021-38452 | 1 Moxa | 1 Mxview | 2024-11-21 | 7.5 High |
| A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries. | ||||
| CVE-2021-38399 | 1 Honeywell | 8 Application Control Environment, Application Control Environment Firmware, C200 and 5 more | 2024-11-21 | 7.5 High |
| Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories. | ||||
| CVE-2021-38360 | 1 Wp-publications Project | 1 Wp-publications | 2024-11-21 | 8.3 High |
| The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0. | ||||
| CVE-2021-38197 | 1 Go-unarr Project | 1 Go-unarr | 2024-11-21 | 9.8 Critical |
| unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive. | ||||
| CVE-2021-38146 | 1 Wipro | 1 Holmes | 2024-11-21 | 7.5 High |
| The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. | ||||
| CVE-2021-38136 | 1 Corero | 1 Securewatch Managed Services | 2024-11-21 | 6.5 Medium |
| Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host. | ||||
| CVE-2021-37938 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.3 Medium |
| It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Couture for finding this vulnerability. | ||||
| CVE-2021-37922 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 5.3 Medium |
| Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. | ||||
| CVE-2021-37734 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 6.5 Medium |
| A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.19 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below; Aruba Instant 8.8.x.x: 8.8.0.0 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. | ||||
| CVE-2021-37733 | 2 Arubanetworks, Siemens | 4 Arubaos, Sd-wan, Scalance W1750d and 1 more | 2024-11-21 | 4.9 Medium |
| A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.11, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | ||||
| CVE-2021-37731 | 2 Arubanetworks, Siemens | 17 7005, 7008, 7010 and 14 more | 2024-11-21 | 6.2 Medium |
| A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | ||||
| CVE-2021-37729 | 2 Arubanetworks, Siemens | 4 Arubaos, Sd-wan, Scalance W1750d and 1 more | 2024-11-21 | 6.5 Medium |
| A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | ||||
| CVE-2021-37728 | 2 Arubanetworks, Siemens | 3 Arubaos, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 6.5 Medium |
| A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Aruba has released patches for ArubaOS that address this security vulnerability. | ||||