Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37130 | 1 Huawei | 2 Fusioncube, Fusioncube Firmware | 2021-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. | |||||
| CVE-2021-37124 | 1 Huawei | 2 Pc Smart Full Scene, Pcmanager | 2021-10-28 | 3.3 LOW | 6.5 MEDIUM |
| There is a path traversal vulnerability in Huawei PC product. Because the product does not filter path with special characters,attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain path.Affected product versions include:PC Smart Full Scene 11.1 versions PCManager 11.1.1.97. | |||||
| CVE-2021-42556 | 1 Rasa | 1 Rasa X | 2021-10-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file. | |||||
| CVE-2021-35230 | 1 Solarwinds | 1 Kiwi Cattools | 2021-10-27 | 7.2 HIGH | 6.7 MEDIUM |
| As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the affected service or uninstall entry. | |||||
| CVE-2020-23061 | 1 Dropouts | 1 Super Backup | 2021-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command. | |||||
| CVE-2021-41185 | 1 Mycodo Project | 1 Mycodo | 2021-10-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mycodo is an environmental monitoring and regulation system. An exploit in versions prior to 8.12.7 allows anyone with access to endpoints to download files outside the intended directory. A patch has been applied and a release made. Users should upgrade to version 8.12.7. As a workaround, users may manually apply the changes from the fix commit. | |||||
| CVE-2020-23040 | 1 Sky File Project | 1 Sky File | 2021-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands. | |||||
| CVE-2020-23038 | 1 Kumilabs | 1 Swift File Transfer | 2021-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. | |||||
| CVE-2021-34860 | 1 D-link | 2 Dap-2020, Dap-2020 Firmware | 2021-10-27 | 3.3 LOW | 6.5 MEDIUM |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the getpage parameter provided to the webproc endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-12103. | |||||
| CVE-2021-42542 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2021-10-27 | 6.5 MEDIUM | 8.8 HIGH |
| The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure. | |||||
| CVE-2021-41127 | 1 Rasa | 1 Rasa | 2021-10-27 | 5.8 MEDIUM | 7.1 HIGH |
| Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can overwrite or replace bot files in the bot directory. The vulnerability is fixed in Rasa 2.8.10. For users unable to update ensure that users do not upload untrusted model files, and restrict CLI or API endpoint access where a malicious actor could target a deployed Rasa instance. | |||||
| CVE-2021-41150 | 1 Amazon | 1 Tough | 2021-10-26 | 3.5 LOW | 6.5 MEDIUM |
| Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is cached or loaded, files ending with the .json extension could be overwritten with role metadata anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known. | |||||
| CVE-2021-31385 | 1 Juniper | 1 Junos | 2021-10-25 | 8.5 HIGH | 8.8 HIGH |
| An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in J-Web of Juniper Networks Junos OS allows any low-privileged authenticated attacker to elevate their privileges to root. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. | |||||
| CVE-2021-42261 | 1 Revisorlab | 1 Video Management System | 2021-10-25 | 5.0 MEDIUM | 7.5 HIGH |
| Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server. | |||||
| CVE-2021-41149 | 1 Amazon | 1 Tough | 2021-10-25 | 8.5 HIGH | 8.1 HIGH |
| Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known. | |||||
| CVE-2021-41131 | 1 Linuxfoundation | 1 The Update Framework | 2021-10-22 | 8.8 HIGH | 8.7 HIGH |
| python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_one_valid_targetinfo()`. It occurs because the rolename is used to form the filename, and may contain path traversal characters (ie `../../name.json`). The impact is mitigated by a few facts: It only affects implementations that allow arbitrary rolename selection for delegated targets metadata, The attack requires the ability to A) insert new metadata for the path-traversing role and B) get the role delegated by an existing targets metadata, The written file content is heavily restricted since it needs to be a valid, signed targets file. The file extension is always .json. A fix is available in version 0.19 or newer. There are no workarounds that do not require code changes. Clients can restrict the allowed character set for rolenames, or they can store metadata in files named in a way that is not vulnerable: neither of these approaches is possible without modifying python-tuf. | |||||
| CVE-2021-41151 | 1 Linuxfoundation | 1 Backstage | 2021-10-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request` action and a particular source path. When the template is executed the sensitive files would be included in the published pull request. This vulnerability is mitigated by the fact that an attacker would need access to create and register templates in the Backstage catalog, and that the attack is very visible given that the exfiltration happens via a pull request. The vulnerability is patched in the `0.15.9` release of `@backstage/plugin-scaffolder-backend`. | |||||
| CVE-2021-41152 | 1 Frentix | 1 Openolat | 2021-10-22 | 4.0 MEDIUM | 7.7 HIGH |
| OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on the target system. The attack could be used to read any file accessible in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account or the enabled guest user feature together with the usage of the folder component in a course. The attack does not allow writing of arbitrary files, it allows only reading of files and also only ready of files that the attacker knows the exact path which is very unlikely at least for OpenOlat data files. The problem is fixed in version 15.5.8 and 16.0.1 It is advised to upgrade to version 16.0.x. There are no known workarounds to fix this problem, an upgrade is necessary. | |||||
| CVE-2021-40724 | 2 Adobe, Google | 2 Acrobat Reader, Android | 2021-10-21 | 6.8 MEDIUM | 7.8 HIGH |
| Acrobat Reader for Android versions 21.8.0 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40988 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2021-10-21 | 9.0 HIGH | 7.2 HIGH |
| A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability. | |||||