CVE-2021-41103

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users and update directory permissions on container bundle directories. (CVSS:0.0) (Last Update:2021-10-04)

2021-10-03T20:00:00-04:00 | October 3rd, 2021 | Directory Traversal

CVE-2021-41595

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the file_name parameter of the Step3 import functionality. (CVSS:0.0) (Last Update:2021-10-04)

2021-10-03T20:00:00-04:00 | October 3rd, 2021 | Directory Traversal

CVE-2021-41596

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality. (CVSS:0.0) (Last Update:2021-10-04)

2021-10-03T20:00:00-04:00 | October 3rd, 2021 | Directory Traversal

CVE-2021-41323

Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. (CVSS:0.0) (Last Update:2021-09-30)

2021-09-29T20:00:00-04:00 | September 29th, 2021 | Directory Traversal

CVE-2021-41324

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete). (CVSS:0.0) (Last Update:2021-09-30)

2021-09-29T20:00:00-04:00 | September 29th, 2021 | Directory Traversal

CVE-2021-36286

Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions prior to 3.9.13.0 contain an arbitrary file deletion vulnerability that can be exploited by using the Windows feature of NTFS called symbolic links. Symbolic links can be created by any (non-privileged) user under some object directories, but by themselves are not sufficient to successfully escalate privileges. However, combining them with a different object, such as the NTFS junction point, allows for the exploitation. The SupportAssist clean files functionality does not distinguish junction points from physical folders and proceeds to clean the target of the junction, which allows non-privileged users to create junction points and delete arbitrary files on the system that can be accessed only by the admin. (CVSS:0.0) (Last Update:2021-09-28)

2021-09-27T20:00:00-04:00 | September 27th, 2021 | Directory Traversal

CVE-2021-21569

Dell NetWorker versions 18.x and 19.x contain a path traversal vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. (CVSS:4.0) (Last Update:2021-10-01)

2021-09-27T20:00:00-04:00 | September 27th, 2021 | Directory Traversal

CVE-2021-22013

The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. (CVSS:5.0) (Last Update:2021-09-27)

2021-09-22T20:00:00-04:00 | September 22nd, 2021 | Directory Traversal