Total
217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43809 | 1 Bundler | 1 Bundler | 2024-11-21 | 9.3 HIGH | 6.7 MEDIUM |
| `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash. To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside. This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code. | |||||
| CVE-2021-43736 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule | |||||
| CVE-2021-41316 | 1 Device42 | 1 Device42 | 2024-11-21 | 8.5 HIGH | 8.1 HIGH |
| The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector. | |||||
| CVE-2021-3540 | 1 Ivanti | 1 Mobileiron | 2024-11-21 | 9.0 HIGH | 6.5 MEDIUM |
| By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | |||||
| CVE-2021-3401 | 1 Bitcoin | 1 Bitcoin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited." | |||||
| CVE-2021-3256 | 1 Kuaifan | 1 Kuaifancms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chakanhtml.module.php file. | |||||
| CVE-2021-3045 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted. | |||||
| CVE-2021-38112 | 1 Amazon | 1 Aws Workspaces | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the workspaces:// URI handler can lead to remote code execution because of the Chromium Embedded Framework (CEF) --gpu-launcher argument. This is fixed in 3.1.9. | |||||
| CVE-2021-37040 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| There is a Parameter injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting. | |||||
| CVE-2021-36122 | 1 Echobh | 1 Sharecare | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject arbitrary arguments to 7z.exe. | |||||
| CVE-2021-34816 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An Argument Injection issue in the plugin management of Etherpad 1.8.13 allows privileged users to execute arbitrary code on the server by installing plugins from an attacker-controlled source. | |||||
| CVE-2021-34718 | 1 Cisco | 36 Asr 9000v-v2, Asr 9001, Asr 9006 and 33 more | 2024-11-21 | 8.5 HIGH | 8.1 HIGH |
| A vulnerability in the SSH Server process of Cisco IOS XR Software could allow an authenticated, remote attacker to overwrite and read arbitrary files on the local device. This vulnerability is due to insufficient input validation of arguments that are supplied by the user for a specific file transfer method. An attacker with lower-level privileges could exploit this vulnerability by specifying Secure Copy Protocol (SCP) parameters when authenticating to a device. A successful exploit could allow the attacker to elevate their privileges and retrieve and upload files on a device that they should not have access to. | |||||
| CVE-2021-33564 | 1 Dragonfly Project | 1 Dragonfly | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility. | |||||
| CVE-2021-31909 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2020.2.3, argument injection leading to remote code execution was possible. | |||||
| CVE-2021-29472 | 3 Debian, Fedoraproject, Getcomposer | 3 Debian Linux, Fedora, Composer | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. The main impact is to services passing user input to Composer, including Packagist.org and Private Packagist. This allowed users to trigger remote code execution. The vulnerability has been patched on Packagist.org and Private Packagist within 12h of receiving the initial vulnerability report and based on a review of logs, to the best of our knowledge, was not abused by anyone. Other services/tools using VcsRepository/VcsDriver or derivatives may also be vulnerable and should upgrade their composer/composer dependency immediately. Versions 1.10.22 and 2.0.13 include patches for this issue. | |||||
| CVE-2021-29461 | 1 Demon1a | 1 Discord-recon | 2024-11-21 | 9.0 HIGH | 8.1 HIGH |
| Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files from the system and write files into the system resulting in remote code execution. This issue has been fixed in version 0.0.3. As a workaround, one may copy the code from `assets/CommandInjection.py` in the Discord Recon Server code repository and overwrite vulnerable code from one's own Discord Recon Server implementation with code that contains the patch. | |||||
| CVE-2021-26937 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Screen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence. | |||||
| CVE-2021-24030 | 1 Facebook | 1 Gameroom | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0. | |||||
| CVE-2021-21814 | 1 Att | 1 Xmill | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed in char* is longer than the staticly sized buffer data is memcpy‘d into, but after the memcpy a null byte is written to what is assumed to be the end of the buffer to terminate the char*, but without length checks, this null write occurs at an arbitrary offset from the buffer. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2021-21386 | 1 Apkleaks Project | 1 Apkleaks | 2024-11-21 | 10.0 HIGH | 9.3 CRITICAL |
| APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name. The problem is fixed in version v2.0.6-dev and above. | |||||