CVE-2004-2021
Published 2004-12-31
Priority P4 · 31 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 3.80% (88.7th percentile)
Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oscommerce | oscommerce | — | — |
| oscommerce | oscommerce | — | — |
| oscommerce | oscommerce | — | — |
| oscommerce | oscommerce | — | — |
| oscommerce | oscommerce | — | — |
CVSS provenance
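| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 6.2 | MEDIUM | — |
| vendor_oracle | — | 4.3 | MEDIUM | — |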
GHSA
GHSA-x38v-xq6h-466m: Directory traversal vulnerability in file_manager
ghsa_unreviewed·2022-04-29
CVE-2004-2021 [MEDIUM] GHSA-x38v-xq6h-466m: Directory traversal vulnerability in file_manager
Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument.
Red Hat
kernel: drm/amdgpu: Fixed bug on error when unloading amdgpu
vendor_redhat·2024-08-21·CVSS 5.5
CVE-2023-52912 [MEDIUM] CWE-99 kernel: drm/amdgpu: Fixed bug on error when unloading amdgpu
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fixed bug on error when unloading amdgpu
Fixed bug on error when unloading amdgpu.
The error message is as follows:
[ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278!
[ 377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G IOE 6.0.0-thomas #1
[ 377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021
[ 377.706238] RIP: 0010:drm_buddy_free_block+0x26/0x30 [drm_buddy]
[ 377.706264] Code: 00 00 00 90 0f 1f 44 00 00 48 8b 0e 89 c8 25 00 0c 00 00 3d 00 04 00 00 75 10 48 8b 47 18 48 d3 e0 48 01 47 28 e9 fa fe ff ff 0b 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 41
Red Hat
kernel: x86/ioremap: Map EFI-reserved memory as encrypted for SEV
vendor_redhat·2024-05-21·CVSS 6.2
CVE-2021-47228 [MEDIUM] CWE-99 kernel: x86/ioremap: Map EFI-reserved memory as encrypted for SEV
In the Linux kernel, the following vulnerability has been resolved:
x86/ioremap: Map EFI-reserved memory as encrypted for SEV
Some drivers require memory that is marked as EFI boot services
data. In order for this memory to not be re-used by the kernel
after ExitBootServices(), efi_mem_reserve() is used to preserve it
by inserting a new EFI memory descriptor and marking it with the
EFI_MEMORY_RUNTIME attribute.
Under SEV, memory marked with the EFI_MEMORY_RUNTIME attribute needs to
be mapped encrypted by Linux, otherwise the kernel might crash at boot
like below:
EFI Variables Facility v0.08 2004-May-17
general protection fault, probably for non-canonical address 0x3597688770a868b2: 0000 [#1] SMP NOPTI
CPU: 13 PID: 1 Comm:
Oracle
Oracle Oracle Siebel CRM Risk Matrix: Integration - Scripting — CVE-2021-2004
vendor_oracle·2021-01-15·CVSS 4.3
CVE-2021-2004 [MEDIUM] Oracle Oracle Siebel CRM Risk Matrix: Integration - Scripting — CVE-2021-2004
Oracle Oracle Siebel CRM Risk Matrix: Integration - Scripting vulnerability
CVE: CVE-2021-2004
CVSS: 4.3
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpujan2021 (JAN 2021)
No detection rules found.
No writeups or analysis indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2005-03/0378.html
http://marc.info/?l=bugtraq&m=108482902101519&w=2
http://secunia.com/advisories/11624
http://securitytracker.com/id?1010176
http://www.excluded.org/advisories/advisory13.txt
http://www.osvdb.org/6308
http://www.securityfocus.com/bid/10364
https://exchange.xforce.ibmcloud.com/vulnerabilities/16174
2004-12-31
Published