Total: 7067 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-34363 | 2 Fedoraproject, The Fuck Project | 2 Fedora, The Fuck | 2024-11-21 | 9.1 Critical |
The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | ||||
CVE-2021-34129 | 1 Laiketui | 1 Laiketui | 2024-11-21 | 8.1 High |
LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary files, as demonstrated by deleting install.lock in order to reinstall the product in an attacker-controlled manner. This deletion is possible via directory traversal in the uploadImg, oldpic, or imgurl parameter. | ||||
CVE-2021-33896 | 2 Dino, Fedoraproject | 2 Dino, Fedora | 2024-11-21 | 5.3 Medium |
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators. | ||||
CVE-2021-33807 | 1 Gespage | 1 Gespage | 2024-11-21 | 7.5 High |
Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. | ||||
CVE-2021-33800 | 1 Alibaba | 1 Druid | 2024-11-21 | 7.5 High |
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. | ||||
CVE-2021-33726 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 7.5 High |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows downloading arbitrary files under a user-controlled path and does not correctly check whether the relative path is still within the intended target directory. | ||||
CVE-2021-33725 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 9.1 Critical |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows deleting arbitrary files or directories under a user-controlled path and does not correctly check whether the relative path is still within the intended target directory. | ||||
CVE-2021-33724 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 9.1 Critical |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows deletion of an arbitrary file or directory under a user-controlled path. | ||||
CVE-2021-33722 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 4.9 Medium |
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this, a privileged authenticated attacker could create arbitrary files on an affected system. | ||||
CVE-2021-33692 | 1 Sap | 1 Cloud Connector | 2024-11-21 | 7.5 High |
SAP Cloud Connector, version 2.0, allows the upload of zip files as backup. This backup file can be crafted to include special elements such as '..' and '/' separators, allowing attackers to escape the restricted location and access files or directories. | ||||
CVE-2021-33685 | 1 Sap | 1 Business One | 2024-11-21 | 6.5 Medium |
SAP Business One version 10.0 allows a low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data. | ||||
CVE-2021-33576 | 1 Cleo | 1 Lexicom | 2024-11-21 | 9.8 Critical |
An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk. | ||||
CVE-2021-33555 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware, Wha-gw-f2d2-0-as-z2-eth and 1 more | 2024-11-21 | 7.5 High |
In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter is vulnerable to unauthenticated path traversal attacks, enabling read access to arbitrary files on the server. | ||||
CVE-2021-33497 | 1 Dutchcoders | 1 Transfer.sh | 2024-11-21 | 9.1 Critical |
Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. | ||||
CVE-2021-33491 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 6.5 Medium |
OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. | ||||
CVE-2021-33354 | 1 Htmly | 1 Htmly | 2024-11-21 | 8.1 High |
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via a modified file parameter. | ||||
CVE-2021-33215 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 4.3 Medium |
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. | ||||
CVE-2021-33211 | 1 Element-it | 1 Http Commander | 2024-11-21 | 6.5 Medium |
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives. | ||||
CVE-2021-33203 | 3 Djangoproject, Fedoraproject, Redhat | 5 Django, Fedora, Openstack and 2 more | 2024-11-21 | 4.9 Medium |
Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by application developers to also show file contents, then not only the existence but also the file contents would have been exposed. In other words, there is directory traversal outside of the template root directories. | ||||
CVE-2021-33183 | 1 Synology | 1 Docker | 2024-11-21 | 7.9 High |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in the container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors. |