Total
8097 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21896 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21895 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21894 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21886 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21885 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21880 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21879 | 1 Lantronix | 1 Premierwave 2050 | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21706 | 2 Microsoft, Php | 2 Windows, Php | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. | |||||
| CVE-2021-21698 | 1 Jenkins | 1 Subversion | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. | |||||
| CVE-2021-21692 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. | |||||
| CVE-2021-21690 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. | |||||
| CVE-2021-21683 | 2 Jenkins, Microsoft | 2 Jenkins, Windows | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files. | |||||
| CVE-2021-21605 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file. | |||||
| CVE-2021-21586 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files on the system. | |||||
| CVE-2021-21569 | 1 Dell | 1 Emc Networker | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | |||||
| CVE-2021-21514 | 1 Dell | 1 Openmanage Server Administrator | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request. | |||||
| CVE-2021-21501 | 1 Apache | 1 Servicecomb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper configuration will cause ServiceComb ServiceCenter Directory Traversal problem in ServcieCenter 1.x.x versions and fixed in 2.0.0. | |||||
| CVE-2021-21475 | 1 Sap | 1 Netweaver Master Data Management Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthorized attacker to exploit insufficient validation of path information provided by users, thus characters representing 'traverse to parent directory' are passed through to the file APIs. Due to this Directory Traversal vulnerability the attacker could read content of arbitrary files on the remote server and expose sensitive data. | |||||
| CVE-2021-21402 | 1 Jellyfin | 1 Jellyfin | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public Internet are potentially at risk. This is fixed in version 10.7.1. As a workaround, users may be able to restrict some access by enforcing strict security permissions on their filesystem, however, it is recommended to update as soon as possible. | |||||
| CVE-2021-21357 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
| TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. | |||||