Total
5025 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27461 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2021-05-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs. | |||||
| CVE-2021-33497 | 1 Dutchcoders | 1 Transfer.sh | 2021-05-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files. | |||||
| CVE-2021-31800 | 2 Fedoraproject, Secureauth | 2 Fedora, Impacket | 2021-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key. | |||||
| CVE-2020-21055 | 1 Fusionpbx | 1 Fusionpbx | 2021-05-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows malicoius users to rename any file of the system.via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php. | |||||
| CVE-2020-36364 | 1 Smartstore | 1 Smartstorenet | 2021-05-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0. Administration/Controllers/ImportController.cs allows path traversal (for copy and delete actions) in the ImportController.Create method via a TempFileName field. | |||||
| CVE-2020-21057 | 1 Fusionpbx | 1 Fusionpbx | 2021-05-25 | 5.5 MEDIUM | 8.1 HIGH |
| Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php. | |||||
| CVE-2020-21056 | 1 Fusionpbx | 1 Fusionpbx | 2021-05-25 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variale to app\edit\foldernew.php. | |||||
| CVE-2020-18178 | 1 Hongcms Project | 1 Hongcms | 2021-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." | |||||
| CVE-2021-32572 | 1 Specotech | 1 Web Viewer | 2021-05-21 | 5.0 MEDIUM | 7.5 HIGH |
| Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /.. at the beginning, as demonstrated by reading the /etc/passwd file. | |||||
| CVE-2019-18978 | 3 Canonical, Debian, Rack-cors Project | 3 Ubuntu Linux, Debian Linux, Rack-cors | 2021-05-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. | |||||
| CVE-2020-23575 | 1 Kyocera | 2 D-copia253mf Plus, D-copia253mf Plus Firmware | 2021-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server. | |||||
| CVE-2021-1532 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2021-05-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability is due to insufficient path validation of command arguments. An attacker could exploit this vulnerability by sending a crafted command request to the xAPI. A successful exploit could allow the attacker to read the contents of any file that is located on the device filesystem. | |||||
| CVE-2019-13551 | 1 Advantech | 1 Wise-paas\/rmm | 2021-05-13 | 10.0 HIGH | 9.8 CRITICAL |
| Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. Path traversal vulnerabilities are caused by a lack of proper validation of a user-supplied path prior to use in file operations. An attacker can leverage these vulnerabilities to remotely execute code while posing as an administrator. | |||||
| CVE-2021-28149 | 1 Hongdian | 2 H8922, H8922 Firmware | 2021-05-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file. | |||||
| CVE-2019-11654 | 1 Microfocus | 1 Verastream Host Integrator | 2021-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files. | |||||
| CVE-2019-3474 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2021-05-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | |||||
| CVE-2021-29246 | 1 Btcpayserver | 1 Btcpay Server | 2021-05-11 | 6.5 MEDIUM | 6.7 MEDIUM |
| BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special characters to upload the file outside of the restricted directory. | |||||
| CVE-2021-28959 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2021-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution. | |||||
| CVE-2021-31421 | 1 Parallels | 1 Parallels Desktop | 2021-05-10 | 2.1 LOW | 6.0 MEDIUM |
| This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete arbitrary files in the context of the hypervisor. Was ZDI-CAN-12129. | |||||
| CVE-2020-4993 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2021-05-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905. | |||||