Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22028 | 1 Greenplum | 1 Greenplum | 2021-11-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can read/write information from the file system using this vulnerability. | |||||
| CVE-2021-24644 | 1 Imagestowebp Project | 1 Images To Webp | 2021-11-24 | 5.0 MEDIUM | 7.5 HIGH |
| The Images to WebP WordPress plugin before 1.9 does not validate or sanitise the tab parameter before passing it to the include() function, which could lead to a Local File Inclusion issue | |||||
| CVE-2021-33491 | 1 Open-xchange | 1 Ox App Suite | 2021-11-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with auto-configuration DNS records. | |||||
| CVE-2021-38146 | 1 Wipro | 1 Holmes | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. | |||||
| CVE-2021-37938 | 1 Elastic | 1 Kibana | 2021-11-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily traverse the Kibana host to load internal files ending in the .pbf extension. Thanks to Dominic Couture for finding this vulnerability. | |||||
| CVE-2020-15246 | 1 Octobercms | 1 October | 2021-11-18 | 5.0 MEDIUM | 7.5 HIGH |
| October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0. | |||||
| CVE-2021-43495 | 1 Alquistai | 1 Alquist | 2021-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. | |||||
| CVE-2021-41950 | 1 Montala | 1 Resourcespace | 2021-11-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users. | |||||
| CVE-2021-43494 | 1 Codingforentrepreneurs | 1 Opencv Rest Api | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. | |||||
| CVE-2021-43496 | 1 Clustering Project | 1 Clustering | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. | |||||
| CVE-2021-43492 | 1 Alquistai | 1 Alquist | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system andcan significantly aid in getting remote code access. | |||||
| CVE-2021-34422 | 1 Keybase | 1 Keybase | 2021-11-16 | 6.0 MEDIUM | 9.0 CRITICAL |
| The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution. | |||||
| CVE-2021-43493 | 1 Servermanagement Project | 1 Servermanagement | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code. | |||||
| CVE-2021-22870 | 1 Github | 1 Enterprise Server | 2021-11-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.19, 3.1.11, and 3.2.3. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2009-3898 | 2 F5, Nginx | 2 Nginx, Nginx | 2021-11-10 | 4.9 MEDIUM | N/A |
| Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. | |||||
| CVE-2010-2266 | 1 F5 | 1 Nginx | 2021-11-10 | 5.0 MEDIUM | N/A |
| nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence. | |||||
| CVE-2021-43264 | 1 Mahara | 1 Mahara | 2021-11-09 | 2.1 LOW | 3.3 LOW |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character. | |||||
| CVE-2021-3924 | 1 Getgrav | 1 Grav | 2021-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||
| CVE-2021-3916 | 1 Bookstackapp | 1 Bookstack | 2021-11-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |||||
| CVE-2021-21698 | 1 Jenkins | 1 Subversion | 2021-11-08 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. | |||||