CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2021(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-45695 Exec Code Bypass 2021-12-27 2022-01-06
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass.
2 CVE-2021-45608 190 Exec Code Overflow 2021-12-26 2022-04-29
7.5
None Remote Low Not required Partial Partial Partial
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, exploitability was judged to be of "rather significant complexity" but not "impossible." The overflow is in SoftwareBus_dispatchNormalEPMsgOut in the KCodes NetUSB kernel module. Affected NETGEAR devices are D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122.
3 CVE-2021-45463 Exec Code 2021-12-23 2022-02-07
6.8
None Remote Medium Not required Partial Partial Partial
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
4 CVE-2021-45461 Exec Code 2021-12-22 2022-01-05
7.5
None Remote Low Not required Partial Partial Partial
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
5 CVE-2021-45425 79 Exec Code XSS 2021-12-28 2022-01-06
4.3
None Remote Medium Not required None Partial None
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.
6 CVE-2021-45090 Exec Code 2021-12-21 2022-01-05
10.0
None Remote Low Not required Complete Complete Complete
Stormshield Endpoint Security before 2.1.2 allows remote code execution.
7 CVE-2021-45046 502 Exec Code +Info 2021-12-14 2022-04-20
5.1
None Remote High Not required Partial Partial Partial
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
8 CVE-2021-44916 79 Exec Code XSS 2021-12-20 2022-02-28
4.3
None Remote Medium Not required None Partial None
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
9 CVE-2021-44860 125 Exec Code 2021-12-21 2021-12-27
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.
10 CVE-2021-44859 125 Exec Code 2021-12-21 2021-12-27
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.
11 CVE-2021-44847 787 Exec Code Overflow 2021-12-13 2022-02-08
7.5
None Remote Low Not required Partial Partial Partial
A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.
12 CVE-2021-44832 20 Exec Code 2021-12-28 2022-07-01
8.5
None Remote Medium ??? Complete Complete Complete
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
13 CVE-2021-44685 78 Exec Code 2021-12-07 2021-12-08
7.5
None Remote Low Not required Partial Partial Partial
Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).
14 CVE-2021-44675 287 Exec Code Bypass 2021-12-20 2022-01-03
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
15 CVE-2021-44657 94 Exec Code 2021-12-15 2021-12-20
9.0
None Remote Low ??? Complete Complete Complete
In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to backwards compatibility. Stackstorm now sets sandboxed mode for jinja by default.
16 CVE-2021-44548 22 Exec Code Dir. Trav. 2021-12-23 2022-01-21
6.8
None Remote Medium Not required Partial Partial Partial
An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.
17 CVE-2021-44529 94 Exec Code 2021-12-08 2022-04-18
7.5
None Remote Low Not required Partial Partial Partial
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
18 CVE-2021-44515 287 Exec Code Bypass 2021-12-12 2021-12-16
10.0
None Remote Low Not required Complete Complete Complete
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3. For MSP builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For MSP builds 10.1.2128.0 through 10.1.2137.2, upgrade to 10.1.2137.3.
19 CVE-2021-44449 787 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14830)
20 CVE-2021-44447 416 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911)
21 CVE-2021-44446 787 Exec Code 2021-12-14 2021-12-15
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14828, ZDI-CAN-14898)
22 CVE-2021-44445 787 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054)
23 CVE-2021-44443 787 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15039)
24 CVE-2021-44442 122 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14995)
25 CVE-2021-44441 787 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14913)
26 CVE-2021-44440 787 Exec Code Mem. Corr. 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to memory corruption condition while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14912)
27 CVE-2021-44438 787 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14907)
28 CVE-2021-44437 787 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14906)
29 CVE-2021-44435 787 Exec Code Overflow 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14903)
30 CVE-2021-44434 787 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14902, ZDI-CAN-14866)
31 CVE-2021-44433 416 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900)
32 CVE-2021-44432 121 Exec Code Overflow 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14845)
33 CVE-2021-44430 787 Exec Code 2021-12-14 2021-12-14
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14829)
34 CVE-2021-44423 125 Exec Code 2021-12-21 2021-12-27
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input data from a crafted BMP file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.
35 CVE-2021-44422 20 Exec Code Overflow 2021-12-21 2021-12-27
6.8
None Remote Medium Not required Partial Partial Partial
An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.
36 CVE-2021-44235 94 Exec Code 2021-12-14 2021-12-16
7.2
None Local Low Not required Complete Complete Complete
Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct access to SAP System, to inject code when executing with a certain transaction class builder. This could allow execution of arbitrary commands on the operating system, that could highly impact the Confidentiality, Integrity and Availability of the system.
37 CVE-2021-44231 94 Exec Code 2021-12-14 2021-12-17
7.5
None Remote Low Not required Partial Partial Partial
Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
38 CVE-2021-44228 502 Exec Code 2021-12-10 2022-06-30
9.3
None Remote Medium Not required Complete Complete Complete
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
39 CVE-2021-44223 Exec Code 2021-11-25 2021-11-30
7.5
None Remote Low Not required Partial Partial Partial
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
40 CVE-2021-44181 787 Exec Code 2021-12-20 2021-12-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.
41 CVE-2021-44180 787 Exec Code 2021-12-20 2021-12-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.
42 CVE-2021-44179 787 Exec Code Mem. Corr. 2021-12-20 2021-12-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
43 CVE-2021-44165 121 Exec Code Overflow 2021-12-14 2021-12-16
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin priviliges to potentially perform remote code execution.
44 CVE-2021-44164 434 Exec Code Bypass 2021-12-20 2021-12-27
7.5
None Remote Low Not required Partial Partial Partial
Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service.
45 CVE-2021-44159 434 Exec Code 2021-12-20 2022-01-03
10.0
None Remote Low Not required Complete Complete Complete
4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack.
46 CVE-2021-44143 787 Exec Code Overflow 2021-11-22 2021-12-15
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
47 CVE-2021-44094 434 Exec Code 2021-11-28 2021-11-29
6.8
None Remote Medium Not required Partial Partial Partial
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
48 CVE-2021-44093 434 Exec Code Bypass 2021-11-28 2021-11-29
7.5
None Remote Low Not required Partial Partial Partial
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
49 CVE-2021-44079 77 Exec Code 2021-11-22 2021-12-14
7.5
None Remote Low Not required Partial Partial Partial
In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.
50 CVE-2021-44078 697 Exec Code 2021-12-26 2022-01-07
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty comparison of GVA and GPA while calling uc_mem_map_ptr to free part of a claimed memory block. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine.
Total number of vulnerabilities : 3850   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.