Total
136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37348 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | |||||
| CVE-2021-36763 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. | |||||
| CVE-2021-33359 | 1 Sensepost | 1 Gowitness | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file. | |||||
| CVE-2021-32833 | 1 Emby | 1 Emby.releases | 2024-11-21 | 4.3 MEDIUM | 8.6 HIGH |
| Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are /Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer, /Images/Ratings/theme/name and /Images/MediaInfo/theme/name. For more details including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to unauthorized access to the system especially when Emby Server is configured to be accessible from the Internet. | |||||
| CVE-2021-32752 | 1 Ethercreative | 1 Logs | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
| Ether Logs is a package that allows one to check one's logs in the Craft 3 utilities section. A vulnerability was found in versions prior to 3.0.4 that allowed authenticated admin users to access any file on the server. The vulnerability has been fixed in version 3.0.4. As a workaround, one may disable the plugin if untrustworthy sources have admin access. | |||||
| CVE-2021-29024 | 1 Invoiceplane | 1 Invoiceplane | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. Allowing an attacker to directory traversal and download files suppose to be private without authentication. | |||||
| CVE-2021-25741 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 5.5 MEDIUM | 8.8 HIGH |
| A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. | |||||
| CVE-2021-21355 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. | |||||
| CVE-2021-20182 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the cluster admin. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-5356 | 1 Dell | 3 Powerprotect Data Manager, Powerprotect X400, Powerprotect X400 Firmware | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorization vulnerability. A remote authenticated malicious user may download any file from the affected PowerProtect virtual machines. | |||||
| CVE-2020-5250 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.9 MEDIUM | 7.6 HIGH |
| In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4. | |||||
| CVE-2020-3927 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2024-11-21 | 8.5 HIGH | 8.3 HIGH |
| An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter. | |||||
| CVE-2020-3267 | 1 Cisco | 1 Unified Contact Center Express | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit this vulnerability by authenticating to an affected system with valid agent credentials and performing a specific API call with crafted input. A successful exploit could allow the attacker to change the availability state of an agent, potentially causing a denial of service condition. | |||||
| CVE-2020-35340 | 1 Expertpdf | 1 Expertpdf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read. | |||||
| CVE-2020-26549 | 1 Aviatrix | 1 Controller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. | |||||
| CVE-2020-22124 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. | |||||
| CVE-2020-15175 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 6.4 MEDIUM | 7.4 HIGH |
| In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2. | |||||
| CVE-2020-12470 | 1 Mono | 1 Monox | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. | |||||
| CVE-2020-11976 | 1 Apache | 2 Fortress, Wicket | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5 | |||||
| CVE-2020-11642 | 1 Br-automation | 1 Sitemanager | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. | |||||