Total: 3863 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2021-24209 | 1 Automattic | 1 Wp Super Cache | 2024-08-03 | 7.2 High | The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to an input validation failure and a weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. |
| CVE-2021-23154 | 1 Mirantis | 1 Lens | 2024-08-03 | 6.3 Medium | In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments, which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system. |
| CVE-2021-22961 | 1 Glasswire | 1 Glasswire | 2024-08-03 | 9.8 Critical | A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution. |
| CVE-2021-22952 | 1 Ui | 1 Unifi Talk | 2024-08-03 | 8.8 High | A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later. |
| CVE-2021-22894 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-08-03 | 8.8 High | A buffer overflow vulnerability in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via a maliciously crafted meeting room. |
| CVE-2021-22900 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-08-03 | 7.2 High | A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could allow an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. |
| CVE-2021-22557 | 1 Google | 1 Slo Generator | 2024-08-03 | 5.3 Medium | SLO generator allows for loading of YAML files that, if crafted in a specific format, can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173. |
| CVE-2021-22395 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-03 | 7.5 High | There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22336 | 1 Huawei | 2 Emui, Magic Ui | 2024-08-03 | 7.5 High | There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device. |
| CVE-2021-22282 | 1 Br-automation | 1 Automation Studio | 2024-08-03 | 8.3 High | Improper Control of Generation of Code ('Code Injection') vulnerability in B&R Industrial Automation Automation Studio allows Local Execution of Code. This issue affects Automation Studio: from 4.0 through 4.12. |
| CVE-2021-22150 | 1 Elastic | 1 Kibana | 2024-08-03 | 6.6 Medium | It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server. |
| CVE-2021-22205 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 10 Critical | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser, which resulted in a remote command execution. |
| CVE-2021-22204 | 3 Debian, Exiftool Project, Fedoraproject | 3 Debian Linux, Exiftool, Fedora | 2024-08-03 | 6.8 Medium | Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image. |
| CVE-2021-22053 | 1 Vmware | 1 Spring Cloud Netflix | 2024-08-03 | 8.8 High | Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are evaluated as SpringEL expressions, which can lead to code execution. |
| CVE-2021-22117 | 2 Microsoft, Vmware | 2 Windows, Rabbitmq | 2024-08-03 | 7.8 High | RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. |
| CVE-2021-21480 | 1 Sap | 1 Manufacturing Integration And Intelligence | 2024-08-03 | 8.8 High | SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward it to the server. When this dashboard is opened by users having at least the SAP_XMII Developer role, malicious content in the dashboard gets executed, leading to remote code execution on the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files on the server, modify files or even delete contents on the server, thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. Also, an attacker authenticated as a developer can use the application to upload and execute a file which will permit them to execute operating system commands, completely compromising the server hosting the application. |
| CVE-2021-21466 | 1 Sap | 2 Business Warehouse, Bw/4hana | 2024-08-03 | 8.8 High | SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could also have an impact on the operating system, or to disrupt the functionality of the SAP system, which can thereby lead to a Denial of Service. |
| CVE-2021-21477 | 1 Sap | 1 Commerce | 2024-08-03 | 9.9 Critical | SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, 2011, enables certain users with required privileges to edit drools rules; an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which, when executed, leads to a Remote Code Execution vulnerability enabling the attacker to compromise the underlying host and impair the confidentiality, integrity and availability of the application. |
| CVE-2021-21433 | 1 Demon1a | 1 Discord-recon | 2024-08-03 | 9.9 Critical | Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server, resulting in serious issues. This flaw is patched in 0.0.2. |
| CVE-2021-21415 | 1 Prisma | 1 Language-tools | 2024-08-03 | 7.8 High | Prisma VS Code is a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings (for example by downloading a project that has a .vscode/settings.json file that sets a value for "prismaFmtBinPath"), that custom binary is executed when auto-formatting is triggered by VS Code or when validation checks are triggered after each keypress on a *.prisma file. Fixed in versions 2.20.0 and 20.0.27. As a workaround, users can either edit or delete the `.vscode/settings.json` file or check if the binary is malicious and delete it. |