Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22836 | 1 Coreftp | 1 Core Ftp | 2022-01-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request. | |||||
| CVE-2022-22821 | 1 Nvidia | 1 Nemo | 2022-01-18 | 2.1 LOW | 4.4 MEDIUM |
| NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available. | |||||
| CVE-2021-28377 | 1 Chronoengine | 1 Chronoforums | 2022-01-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files. | |||||
| CVE-2021-28376 | 1 Chronoengine | 1 Chronoforums | 2022-01-18 | 4.0 MEDIUM | 2.7 LOW |
| ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files. | |||||
| CVE-2021-39143 | 1 Linuxfoundation | 1 Spinnaker | 2022-01-18 | 3.6 LOW | 7.1 HIGH |
| Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs. | |||||
| CVE-2021-40001 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable. | |||||
| CVE-2021-40003 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-39970 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission. | |||||
| CVE-2021-44351 | 1 Naviwebs | 1 Navigate Cms | 2022-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter. | |||||
| CVE-2021-20133 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2022-01-12 | 7.1 HIGH | 6.1 MEDIUM |
| Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files. Such sensitive information as hashed credentials, hardcoded plaintext passwords for other services, configuration files, and private keys can be disclosed in this fashion. Improper handling of filenames that identify virtual resources, such as "/dev/urandom" allows an attacker to effect a denial of service attack against the command line interfaces of the Quagga services (zebra and ripd). | |||||
| CVE-2021-20134 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2022-01-12 | 7.4 HIGH | 8.4 HIGH |
| Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra or ripd). Subsequent log messages will be appended to the file, prefixed by a timestamp and some logging metadata. Remote code execution can be achieved by using this vulnerability to append to a shell script on the router's filesystem, and then awaiting or triggering the execution of that script. A remote, unauthenticated root shell can easily be obtained on the device in this fashion. | |||||
| CVE-2021-37128 | 1 Huawei | 1 Harmonyos | 2022-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file. | |||||
| CVE-2021-37126 | 1 Huawei | 1 Harmonyos | 2022-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed. | |||||
| CVE-2021-44674 | 1 Opmantek | 1 Open-audit | 2022-01-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory. | |||||
| CVE-2021-45427 | 1 Emerson | 2 Xweb300d Evo, Xweb300d Evo Firmware | 2022-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. | |||||
| CVE-2021-25021 | 1 Ffw | 1 Optimize My Google Fonts | 2022-01-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin | |||||
| CVE-2021-25020 | 1 Ffw | 1 Complete Analytics Optimization Suite | 2022-01-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin | |||||
| CVE-2021-20876 | 1 Groupsession | 1 Groupsession | 2022-01-10 | 4.0 MEDIUM | 6.8 MEDIUM |
| Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site's server via unspecified vectors. | |||||
| CVE-2021-45712 | 1 Rust-embed Project | 1 Rust-embed | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode. | |||||
| CVE-2020-7268 | 1 Mcafee | 1 Email Gateway | 2022-01-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. | |||||