Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-552

CWE-552

Files or Directories Accessible to External Parties

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product makes files or directories accessible to unauthorized actors, even though they should not be.

474 vulnerabilities with CWE-552

CVE-2021-43821 CRITICAL

Opencast <9.10-10.6 - Path Traversal

CVE-2021-25521 MEDIUM

Samsung Internet <16.0.2 - Info Disclosure

CVE-2021-31850 MEDIUM

McAfee Database Security < 4.8.4 - Authenticated Denial of Service and Arbitrary File Write via Archiving Configuration

CVE-2021-43772 MEDIUM

Trend Micro Security <2021-17.0 - Info Disclosure

CVE-2021-42744 MEDIUM

Philips MRI 1.5T and 3T 5.3-5.8.1 - Unauthorized Resource Access

CVE-2021-31600 MEDIUM

Hitachi Vantara Pentaho <9.1 - Info Disclosure

CVE-2021-35203 MEDIUM

NETSCOUT Systems nGeniusONE <6.3.0 - Info Disclosure

CVE-2021-41573 HIGH

Hitachi Content Platform Anywhere >=4.4.5 - Authenticated Information Disclosure via Expired File Share Links

CVE-2021-22015 HIGH

VMware Cloud Foundation 3.0-5.0 and vCenter Server - Local Privilege Escalation via Improper File Permissions

CVE-2021-25741 HIGH

Kubernetes < 1.19.14 - Unauthenticated Files or Directories Accessible via Subpath Volume Mounts

CVE-2021-32833 HIGH

Emby Server <4.6.4.0 - Info Disclosure

CVE-2021-34765 MEDIUM

Cisco Nexus Insights - Info Disclosure

CVE-2021-36233 MEDIUM

MIK.starlight 7.9.5.24363 - Info Disclosure

CVE-2021-39316 HIGH

Zoomsounds <= 6.45 - Unauthenticated Arbitrary File Read via dzsap_download Action

CVE-2021-38711 HIGH

gitit < 0.15.0.0 - Information Disclosure via Export Feature

CVE-2021-37348 HIGH

Nagios XI < 5.8.5 - Local File Inclusion via index.php

CVE-2021-29969 MEDIUM

Thunderbird <78.12 - Info Disclosure

CVE-2021-36763 HIGH

CODESYS V3 <3.5.17.10 - Info Disclosure

CVE-2021-32688 HIGH

Nextcloud Server <19.0.13, <20.0.11, <21.0.3 - Privilege Escalation

CVE-2021-32752 HIGH

Craft 3 <3.0.4 - Privilege Escalation

CVE-2021-22769 MEDIUM

Easergy T300 <V2.7.1 - Info Disclosure

CVE-2021-33359 HIGH

gowitness < 2.3.6 - Unauthenticated Arbitrary File Read via URL Parameter

CVE-2021-31831 MEDIUM

McAfee DBSec <4.8.2 - Info Disclosure

CVE-2021-29024 HIGH

InvoicePlane 1.5.11 - Unauthenticated Directory Traversal and Arbitrary File Download

CVE-2021-1512 MEDIUM

Cisco SD-WAN Software - Command Injection

Previous Page 15 of 19 Next

Details

Vulnerabilities 474

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy