Vulnerabilities > Files or Directories Accessible to External Parties
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2018-10867 | Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0 Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user. | 9.1 |
| 2021-05-17 | CVE-2021-29024 | Files or Directories Accessible to External Parties vulnerability in Invoiceplane 1.5.11 In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file download. | 7.5 |
| 2021-05-06 | CVE-2021-1512 | Files or Directories Accessible to External Parties vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. | 6.0 |
| 2021-04-29 | CVE-2021-1256 | Files or Directories Accessible to External Parties vulnerability in Cisco Firepower Threat Defense A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. | 6.0 |
| 2021-04-27 | CVE-2021-21429 | Files or Directories Accessible to External Parties vulnerability in Openapi-Generator Openapi Generator OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. | 3.3 |
| 2021-04-05 | CVE-2021-24154 | Files or Directories Accessible to External Parties vulnerability in Themeeditor Theme Editor The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as /etc/passwd | 4.9 |
| 2021-03-24 | CVE-2021-1434 | Files or Directories Accessible to External Parties vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. | 6.0 |
| 2021-03-16 | CVE-2019-3897 | Files or Directories Accessible to External Parties vulnerability in Redhat Certification It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. | 5.3 |
| 2021-03-09 | CVE-2021-20253 | Files or Directories Accessible to External Parties vulnerability in Redhat Ansible Tower A flaw was found in ansible-tower. | 6.7 |
| 2021-02-24 | CVE-2021-1361 | Files or Directories Accessible to External Parties vulnerability in Cisco Nx-Os 9.3(5)/9.3(6) A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. | 9.1 |