Search
Total
403 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24780 | 1 Combodo | 1 Itop | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds. | |||||
| CVE-2021-21466 | 1 Sap | 2 Business Warehouse, Bw\/4hana | 2022-05-19 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby lead to a Denial of Service. | |||||
| CVE-2021-42651 | 1 Pentest Collaboration Framework Project | 1 Pentest Collaboration Framework | 2022-05-19 | 6.5 MEDIUM | 8.8 HIGH |
| A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/. | |||||
| CVE-2021-39908 | 1 Gitlab | 1 Gitlab | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. | |||||
| CVE-2021-42574 | 2 Fedoraproject, Unicode | 2 Fedora, Unicode | 2022-05-12 | 5.1 MEDIUM | 8.3 HIGH |
| ** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm. | |||||
| CVE-2021-38448 | 1 Trane | 6 Ascend Air-cooled Chiller Acr, Intellipak 1, Intellipak 2 and 3 more | 2022-05-10 | 4.6 MEDIUM | 7.6 HIGH |
| The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. | |||||
| CVE-2022-24828 | 3 Fedoraproject, Getcomposer, Tenable | 3 Fedora, Composer, Tenable.sc | 2022-05-07 | 6.8 MEDIUM | 8.8 HIGH |
| Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. | |||||
| CVE-2022-29814 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.4 MEDIUM | 7.7 HIGH |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible | |||||
| CVE-2022-29819 | 1 Jetbrains | 1 Intellij Idea | 2022-05-05 | 4.4 MEDIUM | 7.7 HIGH |
| In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible | |||||
| CVE-2022-29821 | 1 Jetbrains | 1 Pycharm | 2022-05-05 | 4.4 MEDIUM | 7.7 HIGH |
| In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible | |||||
| CVE-2020-23219 | 1 Monstra | 1 Monstra Cms | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
| Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. | |||||
| CVE-2021-36985 | 1 Huawei | 2 Emui, Magic Ui | 2022-05-03 | 7.8 HIGH | 7.5 HIGH |
| There is a Code injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart. | |||||
| CVE-2021-27928 | 4 Debian, Galeracluster, Mariadb and 1 more | 4 Debian Linux, Wsrep, Mariadb and 1 more | 2022-05-03 | 9.0 HIGH | 7.2 HIGH |
| A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. | |||||
| CVE-2021-31630 | 1 Openplcproject | 2 Openplc V3, Openplc V3 Firmware | 2022-05-03 | 9.0 HIGH | 8.8 HIGH |
| Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application. | |||||
| CVE-2022-0661 | 1 Ad Injection Project | 1 Ad Injection | 2022-04-27 | 6.5 MEDIUM | 7.2 HIGH |
| The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site scripting (XSS) vulnerability. Further it is also possible to inject PHP code, leading to a Remote Code execution (RCE) vulnerability, even if the DISALLOW_FILE_EDIT and DISALLOW_FILE_MOD constants are both set. | |||||
| CVE-2020-13144 | 1 Edx | 1 Open Edx Platform | 2022-04-26 | 6.5 MEDIUM | 8.8 HIGH |
| Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution. | |||||
| CVE-2021-21305 | 1 Carrierwave Project | 1 Carrierwave | 2022-04-26 | 7.5 HIGH | 8.8 HIGH |
| CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1. | |||||
| CVE-2021-39115 | 1 Atlassian | 2 Jira Service Desk, Jira Service Management | 2022-04-25 | 9.0 HIGH | 7.2 HIGH |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0. | |||||
| CVE-2022-24664 | 1 Php Everywhere Project | 1 Php Everywhere | 2022-02-24 | 4.0 MEDIUM | 8.8 HIGH |
| PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. | |||||
| CVE-2022-24663 | 1 Php Everywhere Project | 1 Php Everywhere | 2022-02-24 | 6.5 MEDIUM | 8.8 HIGH |
| PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. | |||||
| CVE-2022-24665 | 1 Php Everywhere Project | 1 Php Everywhere | 2022-02-24 | 6.5 MEDIUM | 8.8 HIGH |
| PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts. | |||||
| CVE-2021-46114 | 1 Jpress | 1 Jpress | 2022-02-03 | 6.5 MEDIUM | 8.8 HIGH |
| jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | |||||
| CVE-2021-46118 | 1 Jpress | 1 Jpress | 2022-02-02 | 6.5 MEDIUM | 7.2 HIGH |
| jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | |||||
| CVE-2021-46117 | 1 Jpress | 1 Jpress | 2022-02-01 | 6.5 MEDIUM | 7.2 HIGH |
| jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. | |||||
| CVE-2022-23008 | 1 F5 | 1 Nginx Controller Api Management | 2022-02-01 | 5.5 MEDIUM | 8.1 HIGH |
| On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-23120 | 2 Linux, Trendmicro | 2 Linux Kernel, Deep Security Agent | 2022-01-27 | 6.9 MEDIUM | 7.8 HIGH |
| A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in an un-activated and unconfigured state in order to exploit this vulnerability. | |||||
| CVE-2019-15873 | 1 Metagauss | 1 Profilegrid | 2022-01-24 | 6.5 MEDIUM | 8.8 HIGH |
| The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. | |||||
| CVE-2022-22286 | 2 Google, Samsung | 2 Android, Bixby Routines | 2022-01-19 | 3.6 LOW | 7.1 HIGH |
| A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2022-22285 | 2 Google, Samsung | 2 Android, Reminder | 2022-01-19 | 3.6 LOW | 7.1 HIGH |
| A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2020-26124 | 1 Openmediavault | 1 Openmediavault | 2022-01-06 | 9.0 HIGH | 8.8 HIGH |
| openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root. | |||||
| CVE-2021-37097 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2021-12-15 | 7.8 HIGH | 7.5 HIGH |
| There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart. | |||||
| CVE-2021-43811 | 1 Amazon | 1 Sockeye | 2021-12-13 | 6.8 MEDIUM | 7.8 HIGH |
| Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24. | |||||
| CVE-2021-22336 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device. | |||||
| CVE-2021-40348 | 2 Spacewalk Project, Uyuni Project | 2 Spacewalk, Uyuni | 2021-12-04 | 9.3 HIGH | 8.8 HIGH |
| Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1. | |||||
| CVE-2021-22053 | 1 Vmware | 1 Spring Cloud Netflix | 2021-11-23 | 6.5 MEDIUM | 8.8 HIGH |
| Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. | |||||
| CVE-2021-29679 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2021-11-17 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915. | |||||
| CVE-2021-41228 | 1 Google | 1 Tensorflow | 2021-11-10 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
| CVE-2021-42057 | 1 Obsidian | 1 Obsidian Dataview | 2021-11-08 | 9.3 HIGH | 7.8 HIGH |
| Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases. | |||||
| CVE-2021-43281 | 1 Mybb | 1 Mybb | 2021-11-05 | 6.5 MEDIUM | 7.2 HIGH |
| MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed on Change Settings pages. | |||||
| CVE-2020-11057 | 1 Xwiki | 1 Xwiki | 2021-11-04 | 9.0 HIGH | 8.8 HIGH |
| In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed 11.3.7 , 11.10.3 and 12.0. | |||||
| CVE-2021-41619 | 1 Gradle | 1 Enterprise | 2021-11-03 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup options. Some of these options, such as -XX:OnOutOfMemoryError, allow specifying a command to be run on the host. This can be abused to run arbitrary commands on the host, should an attacker gain administrative access to the application. | |||||
| CVE-2021-24546 | 1 Extendify | 1 Editorskit | 2021-10-15 | 6.5 MEDIUM | 8.8 HIGH |
| The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code | |||||
| CVE-2021-22557 | 1 Google | 1 Slo Generator | 2021-10-14 | 6.8 MEDIUM | 7.8 HIGH |
| SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173 | |||||
| CVE-2021-22952 | 1 Ui | 1 Unifi Talk | 2021-09-30 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later. | |||||
| CVE-2021-23358 | 4 Debian, Fedoraproject, Tenable and 1 more | 4 Debian Linux, Fedora, Tenable.sc and 1 more | 2021-09-22 | 6.5 MEDIUM | 7.2 HIGH |
| The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized. | |||||
| CVE-2021-39503 | 1 Phpmywind | 1 Phpmywind | 2021-09-14 | 6.5 MEDIUM | 7.2 HIGH |
| PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file. | |||||
| CVE-2021-37694 | 1 Asyncapi | 1 Java-spring-cloud-stream-template | 2021-09-13 | 6.8 MEDIUM | 7.8 HIGH |
| @asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to update. | |||||
| CVE-2019-4000 | 2 Apple, Druva | 2 Macos, Insync | 2021-09-08 | 7.2 HIGH | 7.8 HIGH |
| Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges. | |||||
| CVE-2021-32621 | 1 Xwiki | 1 Xwiki | 2021-09-07 | 6.5 MEDIUM | 8.8 HIGH |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1. | |||||
| CVE-2021-32831 | 1 Totaljs | 1 Total.js | 2021-09-07 | 6.5 MEDIUM | 7.2 HIGH |
| Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9. | |||||