Total: 7849 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28644 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
| Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-28588 | 1 Adobe | 1 Robohelp Server | 2024-11-21 | 8.8 High |
| Adobe RoboHelp Server version 2019.0.9 (and earlier) is affected by a Path Traversal vulnerability when parsing a crafted HTTP POST request. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | ||||
| CVE-2021-28584 | 1 Magento | 1 Magento | 2024-11-21 | 5.4 Medium |
| Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a Path Traversal vulnerability when creating a store with child theme. Successful exploitation could lead to arbitrary file system write by an authenticated attacker. Access to the admin console is required for successful exploitation. | ||||
| CVE-2021-28485 | 1 Ericsson | 2 Mobile Switching Center Server Bc 18a, Mobile Switching Center Server Bc 18a Firmware | 2024-11-21 | 4.3 Medium |
| In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application. | ||||
| CVE-2021-28377 | 1 Chronoengine | 1 Chronoforums | 2024-11-21 | 5.3 Medium |
| ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files. | ||||
| CVE-2021-28376 | 1 Chronoengine | 1 Chronoforums | 2024-11-21 | 2.7 Low |
| ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files. | ||||
| CVE-2021-28209 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-11-21 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. | ||||
| CVE-2021-28208 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-11-21 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. | ||||
| CVE-2021-28207 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-11-21 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. | ||||
| CVE-2021-28206 | 1 Asus | 88 Asmb9-ikvm, Asmb9-ikvm Firmware, E700 G4 and 85 more | 2024-11-21 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. | ||||
| CVE-2021-28205 | 1 Asus | 6 Asmb8-ikvm, Asmb8-ikvm Firmware, Z10pe-d16 Ws and 3 more | 2024-11-21 | 4.9 Medium |
| The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. | ||||
| CVE-2021-28172 | 1 Deltaflow Project | 1 Deltaflow | 2024-11-21 | 7.5 High |
| There is a Path Traversal vulnerability in the file download function of Vangene deltaFlow E-platform. Remote attackers can access credential data with this leakage. | ||||
| CVE-2021-28149 | 1 Hongdian | 2 H8922, H8922 Firmware | 2024-11-21 | 6.5 Medium |
| Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd). This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file. | ||||
| CVE-2021-28042 | 1 Deutschepost | 1 Mailoptimizer | 2024-11-21 | 7.8 High |
| Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution. | ||||
| CVE-2021-27771 | 1 Hcltech | 1 Sametime | 2024-11-21 | 8.2 High |
| User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal manner with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages, receiving notifications and/or transferring files. | ||||
| CVE-2021-27755 | 1 Hcltech | 1 Hcl Sametime | 2024-11-21 | 5.5 Medium |
| "Sametime Android potential path traversal vulnerability when using File class" | ||||
| CVE-2021-27753 | 1 Hcltech | 1 Hcl Sametime | 2024-11-21 | 5.5 Medium |
| "Sametime Android PathTraversal Vulnerability" | ||||
| CVE-2021-27461 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected webserver applications allow access to stored data that can be obtained by using specially crafted URLs. | ||||
| CVE-2021-27402 | 1 Mitel | 1 Micollab | 2024-11-21 | 6.5 Medium |
| The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL validation, aka Directory Traversal. | ||||
| CVE-2021-27367 | 1 Boltcms | 1 Bolt | 2024-11-21 | 7.5 High |
| Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. | ||||