CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-74

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43350 74 2021-11-11 2021-11-17
7.5
None Remote Low Not required Partial Partial Partial
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.
2 CVE-2021-43185 74 2021-11-09 2021-11-12
7.5
None Remote Low Not required Partial Partial Partial
JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.
3 CVE-2021-42663 74 Sql 2021-11-05 2021-11-09
4.3
None Remote Medium Not required Partial None None
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice.
4 CVE-2021-41862 74 Exec Code 2021-10-02 2021-10-13
7.5
None Remote Low Not required Partial Partial Partial
AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).
5 CVE-2021-41825 74 2021-10-08 2021-10-15
5.0
None Remote Low Not required None Partial None
Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.
6 CVE-2021-41392 74 Exec Code 2021-09-17 2021-09-29
7.5
None Remote Low Not required Partial Partial Partial
static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.
7 CVE-2021-41390 74 2021-09-17 2021-09-29
6.0
None Remote Medium ??? Partial Partial Partial
In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.
8 CVE-2021-41232 74 2021-11-02 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in version 1.16.3. If users are unable to update they should disable the LDAP feature if in use.
9 CVE-2021-41170 74 Exec Code 2021-11-08 2021-11-17
7.5
None Remote Low Not required Partial Partial Partial
neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously. In theory all users of the package are affected as long as they either deal with direct user input or database values. A multi-step attack on is therefore plausible. Version 1.1.1 has addressed this vulnerability. Unfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade.
10 CVE-2021-41163 74 Exec Code 2021-10-20 2021-10-26
7.5
None Remote Low Not required Partial Partial Partial
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To work around the issue without updating, requests with a path starting with /webhooks/aws could be blocked at an upstream proxy.
11 CVE-2021-41128 74 Exec Code 2021-10-06 2021-10-14
6.5
None Remote Low ??? Partial Partial Partial
Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. In affected versions all CSV Exports (Statistics & BAG MED) contain a CSV Injection Vulnerability. Users of the system are able to submit formula as exported fields which then get executed upon ingestion of the exported file. There is no validation or sanitization of these formula fields and so malicious may construct malicious code. This vulnerability has been resolved in version 1.30.4. There are no workarounds and all users are advised to upgrade their package.
12 CVE-2021-41084 74 Http R.Spl. 2021-09-21 2021-10-06
4.3
None Remote Medium Not required None Partial None
http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`), Header values (`Header.value`), Status reason phrases (`Status.reason`), URI paths (`Uri.Path`), URI authority registered names (`URI.RegName`) (through 0.21). This issue has been resolved in versions 0.21.30, 0.22.5, 0.23.4, and 1.0.0-M27 perform the following. As a matter of practice http4s services and client applications should sanitize any user input in the aforementioned fields before returning a request or response to the backend. The carriage return, newline, and null characters are the most threatening.
13 CVE-2021-40143 74 2021-09-07 2021-09-14
6.4
None Remote Low Not required Partial Partial None
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
14 CVE-2021-39213 74 Bypass 2021-09-15 2021-09-28
6.0
None Remote Medium ??? Partial Partial Partial
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.
15 CVE-2021-39175 74 2021-08-30 2021-09-08
4.3
None Remote Medium Not required None Partial None
HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embedding an iframe hosting the malicious code into the slides or by embedding the HedgeDoc instance into another page. The problem is patched in version 1.9.0. There are no known workarounds aside from upgrading.
16 CVE-2021-39128 74 Exec Code 2021-09-16 2021-09-27
6.5
None Remote Low ??? Partial Partial Partial
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.
17 CVE-2021-38873 74 Exec Code 2021-11-24 2021-11-24
9.3
None Remote Medium Not required Complete Complete Complete
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396.
18 CVE-2021-38458 74 Exec Code 2021-10-12 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2.2 may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.
19 CVE-2021-38371 74 2021-08-10 2021-08-20
5.0
None Remote Low Not required None Partial None
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
20 CVE-2021-38290 74 2021-08-09 2021-08-17
6.8
None Remote Medium Not required Partial Partial Partial
A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attack such as phishing.
21 CVE-2021-38084 74 2021-08-03 2021-09-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.
22 CVE-2021-37933 74 Bypass 2021-10-14 2021-10-20
5.0
None Remote Low Not required None Partial None
An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability is due to insufficient server-side validation of the email parameter before using it to construct LDAP queries. An attacker could bypass authentication exploiting this vulnerability by sending login attempts in which there is a valid password but a wildcard character in email parameter.
23 CVE-2021-37541 74 2021-08-06 2021-08-12
4.3
None Remote Medium Not required None Partial None
In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.
24 CVE-2021-36697 74 Exec Code 2021-11-03 2021-11-05
4.6
None Local Low Not required Partial Partial Partial
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
25 CVE-2021-36381 74 2021-07-12 2021-07-14
5.0
None Remote Low Not required None Partial None
In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application.
26 CVE-2021-36322 74 2021-11-20 2021-11-23
5.8
None Remote Medium Not required Partial Partial None
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to poison the web-cache or trigger redirections.
27 CVE-2021-36022 74 Exec Code 2021-09-01 2021-09-08
6.5
None Remote Low ??? Partial Partial Partial
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution.
28 CVE-2021-35505 74 Exec Code 2021-10-05 2021-10-12
6.5
None Remote Low ??? Partial Partial Partial
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary.
29 CVE-2021-35504 74 Exec Code 2021-10-05 2021-10-12
6.5
None Remote Low ??? Partial Partial Partial
Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary.
30 CVE-2021-35450 74 Exec Code 2021-08-02 2021-08-10
9.0
None Remote Low ??? Complete Complete Complete
A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with privileges to execute FreeMarker template with command execution via freemarker.template.utility.Execute
31 CVE-2021-34419 74 2021-11-11 2021-11-16
5.0
None Remote Low Not required None Partial None
In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks.
32 CVE-2021-33195 74 XSS 2021-08-02 2021-10-18
7.5
None Remote Low Not required Partial Partial Partial
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
33 CVE-2021-32827 74 Exec Code 2021-08-16 2021-08-26
6.8
None Remote Medium Not required Partial Partial Partial
MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. An attacker that can trick a victim into visiting a malicious site while running MockServer locally, will be able to run arbitrary code on the MockServer machine. With an overly broad default CORS configuration MockServer allows any site to send cross-site requests. Additionally, MockServer allows you to create dynamic expectations using Javascript or Velocity templates. Both engines may allow an attacker to execute arbitrary code on-behalf of MockServer. By combining these two issues (Overly broad CORS configuration + Script injection), an attacker could serve a malicious page so that if a developer running MockServer visits it, they will get compromised. For more details including a PoC see the referenced GHSL-2021-059.
34 CVE-2021-32756 74 Exec Code 2021-07-21 2021-09-16
9.0
None Remote Low ??? Complete Complete Complete
ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to execute arbitrary code with root privileges on the host system. There are patches for this issue in releases named jansa-4, kasparov-2, and lasker-1. If possible, restrict users, via RBAC, to only the part of the application that they need access to. While MiqExpression is widely used throughout the product, restricting users can limit the surface of the attack.
35 CVE-2021-32647 74 Exec Code 2021-06-01 2021-06-10
6.5
None Remote Low ??? Partial Partial Partial
Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The [`CreatePlace`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java/emissary/server/mvc/internal/CreatePlaceAction.java#L36) REST endpoint accepts an `sppClassName` parameter which is used to load an arbitrary class. This class is later instantiated using a constructor with the following signature: `<constructor>(String, String, String)`. An attacker may find a gadget (class) in the application classpath that could be used to achieve Remote Code Execution (RCE) or disrupt the application. Even though the chances to find a gadget (class) that allow arbitrary code execution are low, an attacker can still find gadgets that could potentially crash the application or leak sensitive data. As a work around disable network access to Emissary from untrusted sources.
36 CVE-2021-32558 74 2021-07-30 2021-11-17
5.0
None Remote Low Not required None None Partial
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
37 CVE-2021-31164 74 2021-05-04 2021-05-11
5.0
None Remote Low Not required None Partial None
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.
38 CVE-2021-30777 74 +Priv 2021-09-08 2021-09-17
9.3
None Remote Medium Not required Complete Complete Complete
An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.
39 CVE-2021-30653 74 Exec Code 2021-09-08 2021-09-17
6.8
None Remote Medium Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution.
40 CVE-2021-30506 74 2021-06-04 2021-07-18
6.8
None Remote Medium Not required Partial Partial Partial
Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
41 CVE-2021-30214 74 2021-05-12 2021-05-14
3.5
None Remote Medium ??? None Partial None
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.
42 CVE-2021-30057 74 2021-04-05 2021-04-08
3.5
None Remote Medium ??? None Partial None
A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in "/restful-services/2.0/analyticalDrivers" via the 'LABEL' and 'NAME' parameters.
43 CVE-2021-29955 74 Exec Code Bypass 2021-06-24 2021-06-30
2.6
None Remote High Not required Partial None None
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.
44 CVE-2021-29795 74 2021-09-21 2021-09-29
4.9
None Local Low Not required None None Complete
IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557.
45 CVE-2021-29702 74 DoS 2021-06-16 2021-09-20
5.0
None Remote Low Not required None None Partial
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.
46 CVE-2021-29676 74 +Priv XSS 2021-06-25 2021-06-30
5.8
None Remote Medium Not required Partial Partial None
IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. By persuading a victim to click on a specially-crafted URL link, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking
47 CVE-2021-29502 74 2021-05-10 2021-05-21
4.0
None Remote Low ??? Partial None None
WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type `!warnsysteminfo` to check that their version is 1.3.18 or above. As a workaround users may unload the WarnSystem cog or disable the `!warnset description` command globally.
48 CVE-2021-29501 74 2021-05-10 2021-05-19
4.0
None Remote Low ??? Partial None None
Ticketer is a command based ticket system cog (plugin) for the red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround users may unload the ticketer cog to disable the exploitable code.
49 CVE-2021-29416 74 2021-03-29 2021-04-05
4.3
None Remote Medium Not required Partial None None
An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing a request that does not respect its upstream proxy configuration. This could leak NetNTLM hashes on Windows systems that fail to block outbound SMB.
50 CVE-2021-29414 74 2021-05-21 2021-06-08
3.6
None Local Low Not required None Partial Partial
STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.
Total number of vulnerabilities: 713 (page 1 of 15)