Search
Total
4706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0320 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead to RCE via user uploaded files or other LFI to RCE techniques. | |||||
| CVE-2021-23520 | 1 Juce | 1 Juce | 2022-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo() on a ZipFile object. | |||||
| CVE-2021-34805 | 1 Land-software | 1 Faust Iserver | 2022-02-04 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal. | |||||
| CVE-2022-23409 | 1 Ethercreative | 1 Logs | 2022-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php. | |||||
| CVE-2008-2938 | 1 Apache | 1 Tomcat | 2022-02-03 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version. | |||||
| CVE-2022-22932 | 1 Apache | 1 Karaf | 2022-02-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326 | |||||
| CVE-2021-40745 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2022-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server. | |||||
| CVE-2022-22790 | 1 Synel | 1 Eharmony | 2022-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| SYNEL - eharmony Directory Traversal. Directory Traversal - is an attack against a server or a Web application aimed at unauthorized access to the file system. on the "Name" parameter the attacker can return to the root directory and open the host file. The path exposes sensitive files that users upload | |||||
| CVE-2021-22022 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2022-02-01 | 4.0 MEDIUM | 4.9 MEDIUM |
| The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbitrary file on server leading to information disclosure. | |||||
| CVE-2020-17383 | 1 Telosalliance | 2 Z\/ip One, Z\/ip One Firmware | 2022-01-28 | 10.0 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI. | |||||
| CVE-2021-23631 | 1 Convert-svg-core Project | 1 Convert-svg-core | 2022-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file. | |||||
| CVE-2022-23119 | 2 Linux, Trendmicro | 2 Linux Kernel, Deep Security Agent | 2022-01-27 | 4.3 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security Manager (DSM) or the target agent must be not yet activated or configured in order to exploit this vulnerability. | |||||
| CVE-2020-19858 | 1 Plutinosoft | 1 Platinum | 2022-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy. | |||||
| CVE-2021-46203 | 1 Taogogo | 1 Taocms | 2022-01-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. | |||||
| CVE-2021-46104 | 1 Webp | 1 Webp Server Go | 2022-01-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server. | |||||
| CVE-2022-21693 | 1 Onionshare | 1 Onionshare | 2022-01-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive files in the entire user home folder. This could lead to the leaking of sensitive data. Due to the automatic exclusion of hidden folders, the impact is reduced. This can be mitigated by usage of the flatpak release. | |||||
| CVE-2021-32674 | 1 Zope | 1 Zope | 2022-01-21 | 6.5 MEDIUM | 8.8 HIGH |
| Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.2.1 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only. | |||||
| CVE-2021-44548 | 2 Apache, Microsoft | 2 Solr, Windows | 2022-01-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows. | |||||
| CVE-2022-22054 | 1 Asus | 2 Rt-ax56u, Rt-ax56u Firmware | 2022-01-21 | 3.3 LOW | 6.5 MEDIUM |
| ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files. | |||||
| CVE-2022-21675 | 1 Bytecode Viewer Project | 1 Bytecode Viewer | 2022-01-19 | 6.8 MEDIUM | 7.8 HIGH |
| Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Versions of the package prior to 2.11.0 are vulnerable to Arbitrary File Write via Archive Extraction (AKA "Zip Slip"). The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The Zip Slip vulnerability can affect numerous archive formats, including zip, jar, tar, war, cpio, apk, rar and 7z. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. The impact of a Zip Slip vulnerability would allow an attacker to create or overwrite existing files on the filesystem. In the context of a web application, a web shell could be placed within the application directory to achieve code execution. All users should upgrade to BCV v2.11.0 when possible to receive a patch. There are no recommended workarounds aside from upgrading. | |||||
| CVE-2021-23514 | 1 Crowcpp | 1 Crow | 2022-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server. | |||||
| CVE-2022-22836 | 1 Coreftp | 1 Core Ftp | 2022-01-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request. | |||||
| CVE-2021-34363 | 1 The Fuck Project | 1 The Fuck | 2022-01-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature. | |||||
| CVE-2018-19052 | 2 Lighttpd, Suse | 2 Lighttpd, Suse Linux Enterprise Server | 2022-01-18 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character. | |||||
| CVE-2022-22821 | 1 Nvidia | 1 Nemo | 2022-01-18 | 2.1 LOW | 4.4 MEDIUM |
| NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available. | |||||
| CVE-2021-28377 | 1 Chronoengine | 1 Chronoforums | 2022-01-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files. | |||||
| CVE-2021-28376 | 1 Chronoengine | 1 Chronoforums | 2022-01-18 | 4.0 MEDIUM | 2.7 LOW |
| ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files. | |||||
| CVE-2021-39143 | 1 Linuxfoundation | 1 Spinnaker | 2022-01-18 | 3.6 LOW | 7.1 HIGH |
| Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs. | |||||
| CVE-2020-29050 | 1 Sphinxsearch | 1 Sphinx | 2022-01-17 | 5.0 MEDIUM | 7.5 HIGH |
| SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx. | |||||
| CVE-2021-40001 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable. | |||||
| CVE-2021-40003 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-39970 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission. | |||||
| CVE-2021-44351 | 1 Naviwebs | 1 Navigate Cms | 2022-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter. | |||||
| CVE-2021-20133 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2022-01-12 | 7.1 HIGH | 6.1 MEDIUM |
| Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set the "message of the day" banner to any file on the system, allowing them to read all or some of the contents of those files. Such sensitive information as hashed credentials, hardcoded plaintext passwords for other services, configuration files, and private keys can be disclosed in this fashion. Improper handling of filenames that identify virtual resources, such as "/dev/urandom" allows an attacker to effect a denial of service attack against the command line interfaces of the Quagga services (zebra and ripd). | |||||
| CVE-2021-20134 | 1 Dlink | 2 Dir-2640-us, Dir-2640-us Firmware | 2022-01-12 | 7.4 HIGH | 8.4 HIGH |
| Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service (zebra or ripd). Subsequent log messages will be appended to the file, prefixed by a timestamp and some logging metadata. Remote code execution can be achieved by using this vulnerability to append to a shell script on the router's filesystem, and then awaiting or triggering the execution of that script. A remote, unauthenticated root shell can easily be obtained on the device in this fashion. | |||||
| CVE-2021-37128 | 1 Huawei | 1 Harmonyos | 2022-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability may write any file. | |||||
| CVE-2021-37126 | 1 Huawei | 1 Harmonyos | 2022-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed. | |||||
| CVE-2021-44674 | 1 Opmantek | 1 Open-audit | 2022-01-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability allows an authenticated attacker to read file outside of the restricted directory. | |||||
| CVE-2021-45427 | 1 Emerson | 2 Xweb300d Evo, Xweb300d Evo Firmware | 2022-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal. | |||||
| CVE-2021-25021 | 1 Ffw | 1 Optimize My Google Fonts | 2022-01-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin | |||||
| CVE-2021-25020 | 1 Ffw | 1 Complete Analytics Optimization Suite | 2022-01-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin | |||||
| CVE-2021-43815 | 1 Grafana | 1 Grafana | 2022-01-10 | 3.5 LOW | 4.3 MEDIUM |
| Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. | |||||
| CVE-2021-43813 | 1 Grafana | 1 Grafana | 2022-01-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text. | |||||
| CVE-2021-20876 | 1 Groupsession | 1 Groupsession | 2022-01-10 | 4.0 MEDIUM | 6.8 MEDIUM |
| Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site's server via unspecified vectors. | |||||
| CVE-2021-45712 | 1 Rust-embed Project | 1 Rust-embed | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode. | |||||
| CVE-2020-7268 | 1 Mcafee | 1 Email Gateway | 2022-01-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prior to 7.6.406 allows remote attackers to traverse the file system to access files or directories that are outside of the restricted directory via external input to construct a path name that should be within a restricted directory. | |||||
| CVE-2020-24219 | 1 Szuray | 95 Iptv\/h.264 Video Encoder Firmware, Iptv\/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more | 2022-01-06 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password. | |||||
| CVE-2021-40858 | 1 Auerswald | 20 Commander 6000r Ip, Commander 6000r Ip Firmware, Commander 6000rx Ip and 17 more | 2022-01-04 | 6.8 MEDIUM | 4.9 MEDIUM |
| Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring. | |||||
| CVE-2021-45418 | 1 Starcharge | 4 Nova 360 Cabinet, Nova 360 Cabinet Firmware, Titan 180 Premium and 1 more | 2022-01-03 | 6.5 MEDIUM | 8.8 HIGH |
| Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0. | |||||
| CVE-2020-5377 | 1 Dell | 1 Emc Openmanage Server Administrator | 2022-01-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station. | |||||