Total
2906 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3418 | 1 Soflyy | 1 Wp All Import | 2022-11-09 | N/A | 7.2 HIGH |
The Import any XML or CSV File to WordPress plugin before 3.6.9 is not properly filtering which file extensions are allowed to be imported on the server, which could allow administrators in multi-site WordPress installations to upload arbitrary files | |||||
CVE-2021-29440 | 1 Getgrav | 1 Grav | 2022-11-08 | 6.5 MEDIUM | 7.2 HIGH |
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11. | |||||
CVE-2022-43572 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-11-08 | N/A | 6.5 MEDIUM |
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending a malformed file through the Splunk-to-Splunk (S2S) or HTTP Event Collector (HEC) protocols to an indexer results in a blockage or denial-of-service preventing further indexing. | |||||
CVE-2022-43571 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-11-07 | N/A | 8.8 HIGH |
In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. | |||||
CVE-2021-43466 | 1 Thymeleaf | 1 Thymeleaf | 2022-11-03 | 6.8 MEDIUM | 9.8 CRITICAL |
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. | |||||
CVE-2022-3401 | 1 Bricksbuilder | 1 Bricks | 2022-11-03 | N/A | 8.8 HIGH |
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution. | |||||
CVE-2018-8966 | 1 Zzcms | 1 Zzcms | 2022-11-01 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php. | |||||
CVE-2022-39365 | 1 Pimcore | 1 Pimcore | 2022-10-31 | N/A | 9.8 CRITICAL |
Pimcore is an open source data and experience management platform. Prior to version 10.5.9, the user controlled twig templates rendering in `Pimcore/Mail` & `ClassDefinition\Layout\Text` is vulnerable to server-side template injection, which could lead to remote code execution. Version 10.5.9 contains a patch for this issue. As a workaround, one may apply the patch manually. | |||||
CVE-2019-0542 | 2 Redhat, Xtermjs | 2 Openshift Container Platform, Xterm.js | 2022-10-27 | 6.8 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. | |||||
CVE-2020-15591 | 1 Uni-stuttgart | 1 Frams\' Fast File Exchange | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). | |||||
CVE-2020-19822 | 1 Zzcms | 1 Zzcms | 2022-10-26 | 6.5 MEDIUM | 7.2 HIGH |
A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | |||||
CVE-2020-22120 | 1 Txjia | 1 Imcat | 2022-10-26 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. | |||||
CVE-2020-22937 | 1 Phome | 1 Empirecms | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file. | |||||
CVE-2022-3394 | 1 Soflyy | 1 Wp All Export | 2022-10-26 | N/A | 7.2 HIGH |
The WP All Export Pro WordPress plugin before 1.7.9 does not limit some functionality during exports only to users with the Administrator role, allowing any logged in user which has been given privileges to perform exports to execute arbitrary code on the site. By default only administrators can run exports, but the privilege can be delegated to lower privileged users. | |||||
CVE-2021-29502 | 1 Warnsystem Project | 1 Warnsystem | 2022-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type `!warnsysteminfo` to check that their version is 1.3.18 or above. As a workaround users may unload the WarnSystem cog or disable the `!warnset description` command globally. | |||||
CVE-2021-42574 | 3 Fedoraproject, Starwindsoftware, Unicode | 3 Fedora, Starwind Virtual San, Unicode | 2022-10-25 | 5.1 MEDIUM | 8.3 HIGH |
** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm. | |||||
CVE-2021-41228 | 1 Google | 1 Tensorflow | 2022-10-20 | 4.6 MEDIUM | 7.8 HIGH |
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range. | |||||
CVE-2021-21277 | 1 Peerigon | 1 Angular-expressions | 2022-10-19 | 6.5 MEDIUM | 8.8 HIGH |
angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is text that comes from user input. The security of the package could be bypassed by using a more complex payload, using a ".constructor.constructor" technique. In terms of impact: If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution. This is fixed in version 1.1.2 of angular-expressions A temporary workaround might be either to disable user-controlled input that will be fed into angular-expressions in your application or allow only following characters in the userControlledInput. | |||||
CVE-2021-21248 | 1 Onedev Project | 1 Onedev | 2022-10-19 | 6.5 MEDIUM | 8.8 HIGH |
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job parameters can run arbitrary code on OneDev's server by injecting arbitrary Groovy code. The ultimate result is in the injection of a static constructor that will run arbitrary code. For a full example refer to the referenced GHSA. This issue was addressed in 4.0.3 by escaping special characters such as quote from user input. | |||||
CVE-2021-21244 | 1 Onedev Project | 1 Onedev | 2022-10-19 | 7.5 HIGH | 9.8 CRITICAL |
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely. |