Total: 4109 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-40553 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.8 High |
piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. | ||||
CVE-2021-40499 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 9.8 Critical |
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | ||||
CVE-2021-40373 | 1 Playsms | 1 Playsms | 2024-11-21 | 9.8 Critical |
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. | ||||
CVE-2021-40348 | 2 Spacewalk Project, Uyuni-project | 2 Spacewalk, Uyuni | 2024-11-21 | 8.8 High |
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append a Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can allow an attacker to use --option to append arbitrary code to a root-owned file that will eventually be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1. | ||||
CVE-2021-40323 | 1 Cobbler Project | 1 Cobbler | 2024-11-21 | 9.8 Critical |
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. | ||||
CVE-2021-40219 | 1 Bolt | 1 Bolt Cms | 2024-11-21 | 8.8 High |
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit a theme and perform server-side template injection, which leads to remote code execution. | ||||
CVE-2021-40084 | 1 Artixlinux | 1 Opensysusers | 2024-11-21 | 9.8 Critical |
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that. | ||||
CVE-2021-3725 | 1 Planetargon | 1 Oh My Zsh | 2024-11-21 | 7.5 High |
Vulnerability in the dirhistory plugin. Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: functions pop_past and pop_future in the dirhistory plugin. | ||||
CVE-2021-3615 | 1 Lenovo | 6 Smart Camera C2e, Smart Camera C2e Firmware, Smart Camera X3 and 3 more | 2024-11-21 | 6.6 Medium |
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262. | ||||
CVE-2021-3583 | 1 Redhat | 3 Ansible Automation Platform, Ansible Engine, Ansible Tower | 2024-11-21 | 7.1 High |
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. | ||||
CVE-2021-3411 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 6.7 Medium |
A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2021-3273 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system. | ||||
CVE-2021-3115 | 5 Fedoraproject, Golang, Microsoft and 2 more | 7 Fedora, Go, Windows and 4 more | 2024-11-21 | 7.5 High |
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). | ||||
CVE-2021-39979 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 9.8 Critical |
HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may affect HHEE system integrity. | ||||
CVE-2021-39908 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. | ||||
CVE-2021-39503 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 7.2 High |
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is filtered without "<, >, ?, =, `,...." in the WriteConfig() function, an attacker can inject PHP code into the /include/config.cache.php file. | ||||
CVE-2021-39426 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
An issue discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary PHP code via the notify1 parameter when the action parameter equals set. | ||||
CVE-2021-39402 | 1 Maianmedia | 1 Maianaffiliate | 2024-11-21 | 7.2 High |
MaianAffiliate v.1.0 suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors. | ||||
CVE-2021-39383 | 1 Diaowen | 1 Dwsurvey | 2024-11-21 | 9.8 Critical |
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. | ||||
CVE-2021-39160 | 1 Jupyterhub | 1 Nbgitpuller | 2024-11-21 | 9.6 Critical |
nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No workarounds exist for users who cannot upgrade. |