Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43944 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-06-13 | 6.5 MEDIUM | 7.2 HIGH |
| This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | |||||
| CVE-2021-45983 | 1 Netscout | 1 Ngeniusone | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. | |||||
| CVE-2018-4031 | 1 Getcujo | 1 Smart Firewall | 2022-06-07 | 10.0 HIGH | 10.0 CRITICAL |
| An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability. | |||||
| CVE-2022-29216 | 1 Google | 1 Tensorflow | 2022-06-02 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4. | |||||
| CVE-2014-3399 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-06-02 | 5.5 MEDIUM | N/A |
| The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208. | |||||
| CVE-2020-6144 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-6143 | 1 Os4ed | 1 Opensis | 2022-05-31 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-28960 | 1 Spip | 1 Spip | 2022-05-25 | 6.5 MEDIUM | 8.8 HIGH |
| A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. | |||||
| CVE-2021-27446 | 1 Weintek | 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more | 2022-05-25 | 10.0 HIGH | 9.8 CRITICAL |
| The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system. | |||||
| CVE-2022-0578 | 1 Publify Project | 1 Publify | 2022-05-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| Code Injection in GitHub repository publify/publify prior to 9.2.8. | |||||
| CVE-2020-8163 | 2 Debian, Rubyonrails | 2 Debian Linux, Rails | 2022-05-24 | 6.5 MEDIUM | 8.8 HIGH |
| The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. | |||||
| CVE-2021-43215 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 6.8 MEDIUM | 9.8 CRITICAL |
| iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | |||||
| CVE-2022-29115 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 6.8 MEDIUM | 7.8 HIGH |
| Windows Fax Service Remote Code Execution Vulnerability. | |||||
| CVE-2022-21878 | 1 Microsoft | 4 Windows 10, Windows Server, Windows Server 2016 and 1 more | 2022-05-23 | 9.3 HIGH | 7.8 HIGH |
| Windows Geolocation Service Remote Code Execution Vulnerability. | |||||
| CVE-2018-8284 | 1 Microsoft | 13 .net Framework, Project Server, Sharepoint Enterprise Server and 10 more | 2022-05-23 | 9.3 HIGH | 8.1 HIGH |
| A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | |||||
| CVE-2022-21928 | 1 Microsoft | 7 Windows 10, Windows 11, Windows 8.1 and 4 more | 2022-05-23 | 6.9 MEDIUM | 6.4 MEDIUM |
| Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963. | |||||
| CVE-2022-21874 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-05-23 | 10.0 HIGH | 9.8 CRITICAL |
| Windows Security Center API Remote Code Execution Vulnerability. | |||||
| CVE-2022-29307 | 1 Ionizecms | 1 Ionize | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
| IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. | |||||
| CVE-2021-42651 | 1 Pentest Collaboration Framework Project | 1 Pentest Collaboration Framework | 2022-05-19 | 6.5 MEDIUM | 8.8 HIGH |
| A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/. | |||||
| CVE-2022-24817 | 1 Fluxcd | 3 Flux2, Helm-controller, Kustomize-controller | 2022-05-16 | 6.5 MEDIUM | 9.9 CRITICAL |
| Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also lead to privilege escalation if the controller's service account has elevated permissions. Workarounds include disabling functionality via Validating Admission webhooks by restricting users from setting the `spec.kubeConfig` field in Flux `Kustomization` and `HelmRelease` objects. Additional mitigations include applying restrictive AppArmor and SELinux profiles on the controller’s pod to limit what binaries can be executed. This vulnerability is fixed in kustomize-controller v0.23.0 and helm-controller v0.19.0, both included in flux2 v0.29.0 | |||||