ReportizFlow
Filtered by vendor
Subscriptions
Total
4109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39159 | 1 Jupyter | 1 Binderhub | 2024-11-21 | 9.6 Critical |
| BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround. | ||||
| CVE-2021-39144 | 6 Debian, Fedoraproject, Netapp and 3 more | 22 Debian Linux, Fedora, Snapmanager and 19 more | 2024-11-21 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
| CVE-2021-39128 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 7.2 High |
| Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1. | ||||
| CVE-2021-39115 | 1 Atlassian | 2 Jira Service Desk, Jira Service Management | 2024-11-21 | 7.2 High |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0. | ||||
| CVE-2021-39114 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 8.8 High |
| Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | ||||
| CVE-2021-38967 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 6.7 Medium |
| IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. | ||||
| CVE-2021-38745 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.8 Medium |
| Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker's profile page. | ||||
| CVE-2021-38450 | 1 Trane | 5 Tracer Concierge, Tracer Sc, Tracer Sc\+ and 2 more | 2024-11-21 | 9.9 Critical |
| The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. | ||||
| CVE-2021-38448 | 1 Trane | 6 Ascend Air-cooled Chiller Acr, Intellipak 1, Intellipak 2 and 3 more | 2024-11-21 | 7.5 High |
| The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. | ||||
| CVE-2021-38300 | 3 Debian, Linux, Netapp | 19 Debian Linux, Linux Kernel, Cloud Backup and 16 more | 2024-11-21 | 7.8 High |
| arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context. This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture. | ||||
| CVE-2021-38196 | 1 Better-macro Project | 1 Better-macro | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose. | ||||
| CVE-2021-37694 | 1 Asyncapi | 1 Java-spring-cloud-stream-template | 2024-11-21 | 8.7 High |
| @asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to update. | ||||
| CVE-2021-37626 | 1 Contao | 1 Contao | 2024-11-21 | 7.2 High |
| Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify fields that are shown in the front end. Update to Contao 4.4.56, 4.9.18 or 4.11.7 to resolve. If you cannot update then disable the login for untrusted back end users. | ||||
| CVE-2021-37384 | 1 Furukawa | 8 423-41w\/ac, 423-41w\/ac Firmware, Ld420-10r and 5 more | 2024-11-21 | 9.8 Critical |
| RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface. | ||||
| CVE-2021-37097 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart. | ||||
| CVE-2021-37079 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 9.1 Critical |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission. | ||||
| CVE-2021-36985 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 High |
| There is a Code injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart. | ||||
| CVE-2021-36800 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 8.7 High |
| Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items[0][price] that includes a PHP callable function is executed directly. This issue was fixed in version 2.1.13 of the product. | ||||
| CVE-2021-36424 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 9.8 Critical |
| An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. | ||||
| CVE-2021-35514 | 1 Narou Project | 1 Narou | 2024-11-21 | 9.8 Critical |
| Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel. | ||||