Total
329 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21236 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-1585 | 1 Project-source-code-download Project | 1 Project-source-code-download | 2024-11-21 | N/A | 7.5 HIGH |
| The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php. | |||||
| CVE-2022-1117 | 1 Fapolicyd Project | 1 Fapolicyd | 2024-11-21 | N/A | 8.4 HIGH |
| A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution. | |||||
| CVE-2022-0656 | 1 Webtoprint | 1 Web To Print Shop\ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc) | |||||
| CVE-2022-0244 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file. | |||||
| CVE-2021-4112 | 1 Redhat | 5 Ansible Automation Platform, Ansible Automation Platform Early Access, Ansible Automation Platform Text-only Advisories and 2 more | 2024-11-21 | N/A | 8.8 HIGH |
| A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment. | |||||
| CVE-2021-44983 | 1 Taogogo | 1 Taocms | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. | |||||
| CVE-2021-44315 | 1 Bus Pass Management System Project | 1 Bus Pass Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | |||||
| CVE-2021-43821 | 1 Apereo | 1 Opencast | 2024-11-21 | 4.0 MEDIUM | 9.9 CRITICAL |
| Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast before version 9.10 or 10.6 allows references to local file URLs in ingested media packages, allowing attackers to include local files from Opencast's host machines and making them available via the web interface. Before Opencast 9.10 and 10.6, Opencast would open and include local files during ingests. Attackers could exploit this to include most local files the process has read access to, extracting secrets from the host machine. An attacker would need to have the privileges required to add new media to exploit this. But these are often widely given. The issue has been fixed in Opencast 10.6 and 11.0. You can mitigate this issue by narrowing down the read access Opencast has to files on the file system using UNIX permissions or mandatory access control systems like SELinux. This cannot prevent access to files Opencast needs to read though and we highly recommend updating. | |||||
| CVE-2021-43772 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ Security, Internet Security and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. | |||||
| CVE-2021-42644 | 1 Cmseasy | 1 Cmseasy | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability. | |||||
| CVE-2021-41573 | 1 Hitachi | 1 Content Platform Anywhere | 2024-11-21 | 4.0 MEDIUM | 7.5 HIGH |
| Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or earlier and then shares the link and then later deletes the file or folder without deleting the link and before the link expires. If the system has been upgraded to version 4.4.5 or 4.5.0 a malicious user with the link could browse and download all files of the authenticated user that created the link . | |||||
| CVE-2021-40150 | 1 Reolink | 2 E1 Zoom, E1 Zoom Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI. | |||||
| CVE-2021-40149 | 1 Reolink | 2 E1 Zoom, E1 Zoom Firmware | 2024-11-21 | N/A | 5.9 MEDIUM |
| The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI. | |||||
| CVE-2021-3996 | 2 Fedoraproject, Kernel | 2 Fedora, Util-linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | |||||
| CVE-2021-3995 | 2 Fedoraproject, Kernel | 2 Fedora, Util-linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | |||||
| CVE-2021-3717 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Single Sign-on and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. | |||||
| CVE-2021-39316 | 1 Digitalzoomstudio | 1 Zoomsounds | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter. | |||||
| CVE-2021-38711 | 1 Gitit Project | 1 Gitit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. | |||||
| CVE-2021-37348 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of a pathname in index.php. | |||||