Total
5584 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24430 | 1 Optimocha | 1 Speed Booster Pack | 2024-11-21 | 7.2 High |
| The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in a PHP file, which could lead to RCE | ||||
| CVE-2021-24312 | 1 Automattic | 1 Wp Super Cache | 2024-11-21 | 7.2 High |
| The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209. | ||||
| CVE-2021-24209 | 1 Automattic | 1 Wp Super Cache | 2024-11-21 | 7.2 High |
| The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. | ||||
| CVE-2021-23406 | 1 Pac-resolver Project | 1 Pac-resolver | 2024-11-21 | 8.1 High |
| This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer. | ||||
| CVE-2021-23390 | 1 Totaljs | 1 Total4 | 2024-11-21 | 9.8 Critical |
| The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | ||||
| CVE-2021-23389 | 1 Totaljs | 1 Total.js | 2024-11-21 | 9.8 Critical |
| The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | ||||
| CVE-2021-23383 | 3 Handlebarsjs, Netapp, Redhat | 6 Handlebars, E-series Performance Analyzer, Acm and 3 more | 2024-11-21 | 5.6 Medium |
| The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. | ||||
| CVE-2021-23369 | 2 Handlebarsjs, Redhat | 5 Handlebars, Acm, Jboss Enterprise Bpms Platform and 2 more | 2024-11-21 | 5.6 Medium |
| The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. | ||||
| CVE-2021-23344 | 1 Totaljs | 1 Total.js | 2024-11-21 | 9.8 Critical |
| The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set. | ||||
| CVE-2021-23337 | 5 Lodash, Netapp, Oracle and 2 more | 29 Lodash, Active Iq Unified Manager, Cloud Manager and 26 more | 2024-11-21 | 7.2 High |
| Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | ||||
| CVE-2021-23281 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 10 Critical |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code. | ||||
| CVE-2021-23277 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 8.3 High |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can allow attackers to control the input to the function and execute attacker controlled commands. | ||||
| CVE-2021-23154 | 1 Mirantis | 1 Lens | 2024-11-21 | 6.3 Medium |
| In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system. | ||||
| CVE-2021-22961 | 1 Glasswire | 1 Glasswire | 2024-11-21 | 9.8 Critical |
| A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution. | ||||
| CVE-2021-22952 | 1 Ui | 1 Unifi Talk | 2024-11-21 | 8.8 High |
| A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later. | ||||
| CVE-2021-22557 | 1 Google | 1 Slo Generator | 2024-11-21 | 5.3 Medium |
| SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173 | ||||
| CVE-2021-22395 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-22336 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 High |
| There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device. | ||||
| CVE-2021-22053 | 1 Vmware | 1 Spring Cloud Netflix | 2024-11-21 | 8.8 High |
| Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the path elements following `hystrix/monitor` are being evaluated as SpringEL expressions, which can lead to code execution. | ||||
| CVE-2021-21477 | 1 Sap | 1 Commerce | 2024-11-21 | 9.9 Critical |
| SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privileges to edit drools rules, an authenticated attacker with this privilege will be able to inject malicious code in the drools rules which when executed leads to Remote Code Execution vulnerability enabling the attacker to compromise the underlying host enabling him to impair confidentiality, integrity and availability of the application. | ||||