CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2021(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-44223 Exec Code 2021-11-25 2021-11-26
0.0
None ??? ??? ??? ??? ??? ???
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
2 CVE-2021-44143 787 Exec Code Overflow 2021-11-22 2021-11-27
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
3 CVE-2021-44079 77 Exec Code 2021-11-22 2021-11-26
7.5
None Remote Low Not required Partial Partial Partial
In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.
4 CVE-2021-43785 Exec Code XSS 2021-11-26 2021-11-26
0.0
None ??? ??? ??? ??? ??? ???
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code.
5 CVE-2021-43582 416 Exec Code 2021-11-22 2021-11-26
6.8
None Remote Medium Not required Partial Partial Partial
A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
6 CVE-2021-43581 125 Exec Code 2021-11-22 2021-11-26
6.8
None Remote Medium Not required Partial Partial Partial
An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
7 CVE-2021-43562 918 Exec Code 2021-11-10 2021-11-16
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this.
8 CVE-2021-43555 23 Exec Code 2021-11-19 2021-11-24
6.8
None Remote Medium Not required Partial Partial Partial
mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validate contents of an imported project file, which may make the product vulnerable to a path traversal payload. This vulnerability may allow an attacker to plant files on the file system in arbitrary locations or overwrite existing files, resulting in remote code execution.
9 CVE-2021-43523 79 Exec Code XSS 2021-11-10 2021-11-15
6.8
None Remote Medium Not required Partial Partial Partial
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.
10 CVE-2021-43493 22 Exec Code Dir. Trav. 2021-11-12 2021-11-16
5.0
None Remote Low Not required Partial None None
ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code.
11 CVE-2021-43466 94 Exec Code 2021-11-09 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.
12 CVE-2021-43408 89 Exec Code Sql 2021-11-19 2021-11-24
9.0
None Remote Low ??? Complete Complete Complete
The "Duplicate Post" WordPress plugin up to and including version 1.1.9 is vulnerable to SQL Injection. SQL injection vulnerabilities occur when client supplied data is included within an SQL Query insecurely. SQL Injection can typically be exploited to read, modify and delete SQL table data. In many cases it also possible to exploit features of SQL server to execute system commands and/or access the local file system. This particular vulnerability can be exploited by any authenticated user who has been granted access to use the Duplicate Post plugin. By default, this is limited to Administrators, however the plugin presents the option to permit access to the Editor, Author, Contributor and Subscriber roles.
13 CVE-2021-43391 125 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
14 CVE-2021-43390 787 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
15 CVE-2021-43336 787 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
16 CVE-2021-43281 94 Exec Code 2021-11-04 2021-11-05
6.5
None Remote Low ??? Partial Partial Partial
MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed on Change Settings pages.
17 CVE-2021-43280 787 Exec Code Overflow 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
18 CVE-2021-43279 787 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
19 CVE-2021-43278 125 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
20 CVE-2021-43277 125 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
21 CVE-2021-43276 125 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process
22 CVE-2021-43275 416 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
23 CVE-2021-43274 416 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
24 CVE-2021-43273 125 Exec Code 2021-11-14 2021-11-17
4.3
None Remote Medium Not required Partial None None
An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
25 CVE-2021-43272 755 Exec Code 2021-11-14 2021-11-17
7.5
None Remote Low Not required Partial Partial Partial
An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to execute code in the context of the current process.
26 CVE-2021-43266 77 Exec Code 2021-11-02 2021-11-09
4.6
None Remote High ??? Partial Partial Partial
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name.
27 CVE-2021-43221 Exec Code 2021-11-24 2021-11-24
0.0
None ??? ??? ??? ??? ??? ???
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
28 CVE-2021-43209 Exec Code 2021-11-10 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-43208.
29 CVE-2021-43208 94 Exec Code 2021-11-10 2021-11-15
6.8
None Remote Medium Not required Partial Partial Partial
3D Viewer Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-43209.
30 CVE-2021-43193 Exec Code 2021-11-09 2021-11-10
7.5
None Remote Low Not required Partial Partial Partial
In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible.
31 CVE-2021-43019 284 Exec Code 2021-11-23 2021-11-24
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM . An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability on the product installer. User interaction is required before product installation to abuse this vulnerability.
32 CVE-2021-43015 788 Exec Code Mem. Corr. 2021-11-22 2021-11-24
9.3
None Remote Medium Not required Complete Complete Complete
Adobe InCopy version 16.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
33 CVE-2021-43013 788 Exec Code Mem. Corr. 2021-11-16 2021-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Media Encoder version 15.4.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
34 CVE-2021-43012 788 Exec Code Mem. Corr. 2021-11-16 2021-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
35 CVE-2021-43011 788 Exec Code Mem. Corr. 2021-11-16 2021-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Prelude version 10.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
36 CVE-2021-42956 269 Exec Code 2021-11-17 2021-11-18
6.5
None Remote Low ??? Partial Partial Partial
Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged in user, so memory dump can be done by non-admin also. Remotely, an attacker can dump all sensitive information including DB Connection string, entire IT infrastructure details, commands executed by IT admin including credentials, secrets, private keys and more.
37 CVE-2021-42840 434 Exec Code 2021-10-22 2021-11-17
9.0
None Remote Low ??? Complete Complete Complete
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.
38 CVE-2021-42839 434 Exec Code 2021-11-15 2021-11-16
9.0
None Remote Low ??? Complete Complete Complete
Grand Vice info Co. webopac7 file upload function fails to filter special characters. While logging in with general user’s permission, remote attackers can upload malicious script and execute arbitrary code to control the system or interrupt services.
39 CVE-2021-42771 22 Exec Code Dir. Trav. 2021-10-20 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
40 CVE-2021-42738 788 Exec Code Mem. Corr. 2021-11-22 2021-11-24
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
41 CVE-2021-42737 788 Exec Code Mem. Corr. 2021-11-22 2021-11-24
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
42 CVE-2021-42733 20 Exec Code 2021-11-22 2021-11-24
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation vulnerability in the XDCAMSAM directory. An unauthenticated attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
43 CVE-2021-42731 120 Exec Code Overflow 2021-11-16 2021-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
44 CVE-2021-42727 22 Exec Code Dir. Trav. 2021-11-22 2021-11-24
6.8
None Remote Medium Not required Partial Partial Partial
Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected by a Path traversal vulnerability. The authenticated attacker can upload arbitrary files outside of the intended directory to cause remote code execution with privileges of user running Tomcat. Exploitation of this issue requires user interaction in that a victim must navigate to a planted file on the server.
45 CVE-2021-42726 788 Exec Code Mem. Corr. 2021-11-16 2021-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
46 CVE-2021-42723 788 Exec Code Mem. Corr. 2021-11-16 2021-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
47 CVE-2021-42721 119 Exec Code Overflow Mem. Corr. 2021-11-16 2021-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
48 CVE-2021-42707 787 Exec Code 2021-11-22 2021-11-23
6.8
None Remote Medium Not required Partial Partial Partial
PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
49 CVE-2021-42706 416 Exec Code 2021-11-15 2021-11-17
4.6
None Local Low Not required Partial Partial Partial
This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer
50 CVE-2021-42705 121 Exec Code Overflow 2021-11-22 2021-11-23
6.8
None Remote Medium Not required Partial Partial Partial
PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code.
Total number of vulnerabilities : 3500   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.