CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-94

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43466 94 Exec Code 2021-11-09 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.
2 CVE-2021-43281 94 Exec Code 2021-11-04 2021-11-05
6.5
None Remote Low ??? Partial Partial Partial
MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed on Change Settings pages.
3 CVE-2021-43208 94 Exec Code 2021-11-10 2021-11-15
6.8
None Remote Medium Not required Partial Partial Partial
3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-43209.
4 CVE-2021-42754 94 2021-11-02 2021-11-04
3.5
None Remote Medium ??? None Partial None
An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file.
5 CVE-2021-42694 94 2021-11-01 2021-11-26
5.1
None Remote High Not required Partial Partial Partial
An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software.
6 CVE-2021-42574 94 2021-11-01 2021-11-26
5.1
None Remote High Not required Partial Partial Partial
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
7 CVE-2021-42298 94 Exec Code 2021-11-10 2021-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Defender Remote Code Execution Vulnerability
8 CVE-2021-42296 94 Exec Code 2021-11-10 2021-11-13
6.9
None Local Medium Not required Complete Complete Complete
Microsoft Word Remote Code Execution Vulnerability
9 CVE-2021-42139 94 2021-10-11 2021-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations.
10 CVE-2021-42057 94 Exec Code 2021-11-04 2021-11-08
9.3
None Remote Medium Not required Complete Complete Complete
Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases.
11 CVE-2021-41653 94 Exec Code 2021-11-13 2021-11-17
10.0
None Remote Low Not required Complete Complete Complete
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
12 CVE-2021-41619 94 Exec Code 2021-10-27 2021-11-03
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup options. Some of these options, such as -XX:OnOutOfMemoryError, allow specifying a command to be run on the host. This can be abused to run arbitrary commands on the host, should an attacker gain administrative access to the application.
13 CVE-2021-41269 94 Exec Code 2021-11-15 2021-11-19
6.8
None Remote Medium Not required Partial Partial Partial
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron annotation to validate untrusted Cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds known.
14 CVE-2021-41228 94 2021-11-05 2021-11-10
4.6
None Local Low Not required Partial Partial Partial
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
15 CVE-2021-40889 94 Exec Code 2021-10-11 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot}/uno/central.php file calls to file_put_contents() function to write username in password.php file when a user successfully changed their password. The attacker can inject malicious PHP code into password.php and then use the login function to execute code.
16 CVE-2021-40499 94 Exec Code 2021-10-12 2021-10-18
7.5
None Remote Low Not required Partial Partial Partial
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
17 CVE-2021-40373 94 Exec Code 2021-09-10 2021-09-21
7.5
None Remote Low Not required Partial Partial Partial
playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI.
18 CVE-2021-40348 94 Exec Code 2021-11-01 2021-11-04
9.3
None Remote Medium Not required Complete Complete Complete
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1.
19 CVE-2021-40323 94 Exec Code 2021-10-04 2021-10-12
7.5
None Remote Low Not required Partial Partial Partial
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
20 CVE-2021-39503 94 Exec Code 2021-09-07 2021-09-14
6.5
None Remote Low ??? Partial Partial Partial
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without "<, >, ?, =, `,...." In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.
21 CVE-2021-39402 94 2021-09-20 2021-10-04
6.5
None Remote Low ??? Partial Partial Partial
MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors.
22 CVE-2021-39160 94 Exec Code 2021-08-25 2021-08-30
6.8
None Remote Medium Not required Partial Partial Partial
nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No work around exist for users who can not upgrade.
23 CVE-2021-39159 94 Exec Code 2021-08-25 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround.
24 CVE-2021-39144 94 Exec Code 2021-08-23 2021-11-11
6.0
None Remote Medium ??? Partial Partial Partial
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.
25 CVE-2021-39115 94 Exec Code 2021-09-01 2021-09-10
9.0
None Remote Low ??? Complete Complete Complete
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.
26 CVE-2021-38448 94 2021-11-22 2021-11-22
0.0
None ??? ??? ??? ??? ??? ???
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
27 CVE-2021-38196 94 Exec Code 2021-08-08 2021-08-16
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose.
28 CVE-2021-38142 94 Exec Code 2021-09-07 2021-09-14
7.2
None Local Low Not required Complete Complete Complete
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).
29 CVE-2021-37694 94 2021-08-11 2021-09-13
6.8
None Remote Medium Not required Partial Partial Partial
@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to update.
30 CVE-2021-37626 94 2021-08-11 2021-08-20
6.5
None Remote Low ??? Partial Partial Partial
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify fields that are shown in the front end. Update to Contao 4.4.56, 4.9.18 or 4.11.7 to resolve. If you cannot update then disable the login for untrusted back end users.
31 CVE-2021-36800 94 Exec Code 2021-08-04 2021-08-11
9.0
None Remote Low ??? Complete Complete Complete
Akaunting version 2.1.12 and earlier suffers from a code injection issue in the Money.php component of the application. A POST sent to /{company_id}/sales/invoices/{invoice_id} with an items[0][price] that includes a PHP callable function is executed directly. This issue was fixed in version 2.1.13 of the product.
32 CVE-2021-35514 94 2021-06-28 2021-07-02
7.5
None Remote Low Not required Partial Partial Partial
Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.
33 CVE-2021-34801 94 DoS 2021-06-16 2021-06-23
5.0
None Remote Low Not required None None Partial
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
34 CVE-2021-33911 94 Exec Code 2021-07-17 2021-07-28
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.
35 CVE-2021-33816 94 Exec Code 2021-11-10 2021-11-12
7.5
None Remote Low Not required Partial Partial Partial
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
36 CVE-2021-33693 94 Exec Code 2021-09-15 2021-09-27
7.7
None Local Network Low ??? Complete Complete Complete
SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.
37 CVE-2021-33678 94 Exec Code 2021-07-14 2021-07-16
7.5
None Remote Low ??? None Partial Complete
A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable.
38 CVE-2021-33493 94 2021-11-22 2021-11-23
3.6
None Local Low Not required None Partial Partial
The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format.
39 CVE-2021-32924 94 2021-06-01 2021-06-16
6.0
None Remote Medium ??? Partial Partial Partial
Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
40 CVE-2021-32836 94 DoS Exec Code 2021-09-09 2021-09-17
6.8
None Remote Medium Not required Partial Partial Partial
ZStack is open source IaaS(infrastructure as a service) software. In ZStack before versions 3.10.12 and 4.1.6 there is a pre-auth unsafe deserialization vulnerability in the REST API. An attacker in control of the request body will be able to provide both the class name and the data to be deserialized and therefore will be able to instantiate an arbitrary type and assign arbitrary values to its fields. This issue may lead to a Denial Of Service. If a suitable gadget is available, then an attacker may also be able to exploit this vulnerability to gain pre-auth remote code execution. For additional details see the referenced GHSL-2021-087.
41 CVE-2021-32834 94 2021-09-09 2021-09-16
6.5
None Remote Low ??? Partial Partial Partial
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.
42 CVE-2021-32831 94 Exec Code 2021-08-30 2021-09-07
6.5
None Remote Low ??? Partial Partial Partial
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.
43 CVE-2021-32829 94 Exec Code Bypass 2021-08-17 2021-08-25
6.5
None Remote Low ??? Partial Partial Partial
ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST API are vulnerable to post-authentication Remote Code Execution (RCE) via bypass of the Groovy shell sandbox. The REST API exposes the GET zstack/v1/batch-queries?script endpoint which is backed up by the BatchQueryAction class. Messages are represented by the APIBatchQueryMsg, dispatched to the QueryFacadeImpl facade and handled by the BatchQuery class. The HTTP request parameter script is mapped to the APIBatchQueryMsg.script property and evaluated as a Groovy script in BatchQuery.query the evaluation of the user-controlled Groovy script is sandboxed by SandboxTransformer which will apply the restrictions defined in the registered (sandbox.register()) GroovyInterceptor. Even though the sandbox heavily restricts the receiver types to a small set of allowed types, the sandbox is non effective at controlling any code placed in Java annotations and therefore vulnerable to meta-programming escapes. This issue leads to post-authenticated remote code execution. For more details see the referenced GHSL-2021-065. This issue is patched in versions 3.8.21, 3.10.8, and 4.1.0.
44 CVE-2021-32809 94 2021-08-12 2021-10-20
3.5
None Remote Medium ??? None Partial None
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
45 CVE-2021-32706 94 Exec Code 2021-08-04 2021-08-12
6.5
None Remote Low ??? Partial Partial Partial
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the `validDomainWildcard` preg_match filter allows a malicious character through that can be used to execute code, list directories, and overwrite sensitive files. The issue lies in the fact that one of the periods is not escaped, allowing any character to be used in its place. A patch for this vulnerability was released in version 5.5.1.
46 CVE-2021-32673 94 Exec Code 2021-06-08 2021-06-21
7.5
None Remote Low Not required Partial Partial Partial
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue.
47 CVE-2021-32621 94 2021-05-28 2021-09-07
6.5
None Remote Low ??? Partial Partial Partial
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1.
48 CVE-2021-30461 94 Exec Code 2021-05-29 2021-06-09
7.5
None Remote Low Not required Partial Partial Partial
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.
49 CVE-2021-30005 94 Exec Code 2021-05-11 2021-07-20
4.6
None Local Low Not required Partial Partial Partial
In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS.
50 CVE-2021-29772 94 2021-08-26 2021-09-01
7.5
None Remote Low Not required Partial Partial Partial
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.
Total number of vulnerabilities : 2736   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.