Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21837 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2022-01-13 | 9.0 HIGH | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability. | |||||
| CVE-2021-39979 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 10.0 HIGH | 9.8 CRITICAL |
| HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity. | |||||
| CVE-2020-26124 | 1 Openmediavault | 1 Openmediavault | 2022-01-06 | 9.0 HIGH | 8.8 HIGH |
| openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root. | |||||
| CVE-2020-8518 | 3 Debian, Fedoraproject, Horde | 3 Debian Linux, Fedora, Groupware | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | |||||
| CVE-2021-37097 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2021-12-15 | 7.8 HIGH | 7.5 HIGH |
| There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart. | |||||
| CVE-2021-43811 | 1 Amazon | 1 Sockeye | 2021-12-13 | 6.8 MEDIUM | 7.8 HIGH |
| Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally. The issue is fixed in version 2.3.24. | |||||
| CVE-2021-22336 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device. | |||||
| CVE-2021-38967 | 1 Ibm | 1 Mq Appliance | 2021-11-30 | 4.6 MEDIUM | 6.7 MEDIUM |
| IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441. | |||||
| CVE-2021-43221 | 1 Microsoft | 1 Edge Chromium | 2021-11-30 | 4.0 MEDIUM | 4.2 MEDIUM |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2021-25283 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2021-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in through SaltStack Salt before 3002.5. The jinja renderer does not protect against server side template injection attacks. | |||||
| CVE-2021-33493 | 1 Open-xchange | 1 Ox App Suite | 2021-11-23 | 3.6 LOW | 6.0 MEDIUM |
| The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. | |||||
| CVE-2021-22053 | 1 Vmware | 1 Spring Cloud Netflix | 2021-11-23 | 6.5 MEDIUM | 8.8 HIGH |
| Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. | |||||
| CVE-2021-41269 | 1 Cron-utils Project | 1 Cron-utils | 2021-11-19 | 6.8 MEDIUM | 9.8 CRITICAL |
| cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron annotation to validate untrusted Cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds known. | |||||
| CVE-2020-15227 | 2 Debian, Nette | 2 Debian Linux, Application | 2021-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework. | |||||
| CVE-2021-42298 | 1 Microsoft | 1 Malware Protection Engine | 2021-11-17 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Defender Remote Code Execution Vulnerability | |||||
| CVE-2021-41653 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2021-11-17 | 10.0 HIGH | 9.8 CRITICAL |
| The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. | |||||
| CVE-2021-29679 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2021-11-16 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI) directive. IBM X-Force ID: 199915. | |||||
| CVE-2021-43208 | 1 Microsoft | 1 3d Viewer | 2021-11-15 | 6.8 MEDIUM | 7.8 HIGH |
| 3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-43209. | |||||
| CVE-2021-42296 | 1 Microsoft | 2 365 Apps, Office | 2021-11-12 | 6.9 MEDIUM | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2021-24721 | 1 Loco Translate Project | 1 Loco Translate | 2021-11-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations. | |||||