Total: 7067 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-32610 | 4 Debian, Fedoraproject, Php and 1 more | 4 Debian Linux, Fedora, Archive Tar and 1 more | 2024-11-21 | 7.1 High |
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. | ||||
CVE-2021-32572 | 1 Specotech | 1 Web Viewer | 2024-11-21 | 7.5 High |
Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /.. at the beginning, as demonstrated by reading the /etc/passwd file. | ||||
CVE-2021-32532 | 1 Qsan | 1 Xevo | 2024-11-21 | 7.5 High |
Path traversal vulnerability in back-end analysis function in QSAN XEVO allows remote attackers to download arbitrary files without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0. | ||||
CVE-2021-32527 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 7.5 High |
Path traversal vulnerability in QSAN Storage Manager allows remote unauthenticated attackers to download arbitrary files through injecting a file path in the download function. Suggest contacting QSAN and referring to the recommendations in the QSAN document. | ||||
CVE-2021-32516 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 7.5 High |
Path traversal vulnerability in share_link in QSAN Storage Manager allows remote attackers to download arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
CVE-2021-32507 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 6.5 Medium |
Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
CVE-2021-32506 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 6.5 Medium |
Absolute Path Traversal vulnerability in GetImage in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
CVE-2021-32498 | 1 Sick | 1 Sopas Engineering Tool | 2024-11-21 | 8.6 High |
SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET, the corresponding executable will be started instead of the emulator. | ||||
CVE-2021-32062 | 2 Fedoraproject, Osgeo | 2 Fedora, Mapserver | 2024-11-21 | 5.3 Medium |
MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI). | ||||
CVE-2021-32061 | 1 S3scanner Project | 1 S3scanner | 2024-11-21 | 5.3 Medium |
S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element. | ||||
CVE-2021-32018 | 1 Jump-technology | 1 Asset Management | 2024-11-21 | 8.5 High |
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary file reading due to an improper limitation of file loading on the server filesystem, aka directory traversal. | ||||
CVE-2021-32016 | 1 Jump-technology | 1 Asset Management | 2024-11-21 | 9.9 Critical |
An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of arbitrary files to a user-controlled location on the remote filesystem (with user-controlled content) via directory traversal, potentially leading to remote code and command execution. | ||||
CVE-2021-32008 | 1 Secomea | 1 Gatemanager | 2024-11-21 | 9.9 Critical |
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a Pathname to a Restricted Directory allows a logged-in GateManager admin to delete system files or directories. | ||||
CVE-2021-31800 | 2 Fedoraproject, Secureauth | 2 Fedora, Impacket | 2024-11-21 | 9.8 Critical |
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key. | ||||
CVE-2021-31746 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 9.8 Critical |
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted zip files, resulting in directory traversal and potentially arbitrary code execution. | ||||
CVE-2021-31731 | 1 Kitesky | 1 Kitecms | 2024-11-21 | 6.5 Medium |
A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter. | ||||
CVE-2021-31542 | 4 Debian, Djangoproject, Fedoraproject and 1 more | 6 Debian Linux, Django, Fedora and 3 more | 2024-11-21 | 7.5 High |
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. | ||||
CVE-2021-31538 | 1 Lancom-systems | 6 Lcos Fx, Uf-160, Uf-260 and 3 more | 2024-11-21 | 7.5 High |
LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Relative Path Traversal. | ||||
CVE-2021-31421 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 6.0 Medium |
This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete arbitrary files in the context of the hypervisor. Was ZDI-CAN-12129. | ||||
CVE-2021-31385 | 1 Juniper | 1 Junos | 2024-11-21 | 8.8 High |
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. |