CVE & Exploit Intelligence Database

CVE-2021-21386 9.3 CRITICAL 1 Writeup EPSS 0.01

APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name. The problem is fixed in version v2.0.6-dev and above.

CWE-78 Mar 24, 2021

CVE-2021-1454 6.0 MEDIUM EPSS 0.00

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.

CWE-88 Mar 24, 2021

CVE-2021-1383 6.0 MEDIUM EPSS 0.00

Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges.

CWE-88 Mar 24, 2021

CVE-2021-21384 6.3 MEDIUM 1 Writeup EPSS 0.00

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.

CWE-88 Mar 19, 2021

CVE-2021-24030 9.8 CRITICAL EPSS 0.01

The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0.

CWE-88 Mar 10, 2021

CVE-2020-21224 9.8 CRITICAL EXPLOITED 1 PoC 1 Writeup NUCLEI EPSS 0.92

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server

CWE-88 Feb 22, 2021

CVE-2021-26937 9.8 CRITICAL EPSS 0.13

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.

CWE-88 Feb 09, 2021

CVE-2021-3401 9.8 CRITICAL EPSS 0.03

Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited."

CWE-88 Feb 04, 2021

CVE-2020-35136 7.2 HIGH 1 Writeup EPSS 0.07

Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php.

CWE-88 Dec 23, 2020

CVE-2020-7769 8.6 HIGH 1 Writeup EPSS 0.01

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

CWE-88 Nov 12, 2020

CVE-2020-25268 8.8 HIGH EPSS 0.03

Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data.

CWE-88 Nov 10, 2020

CVE-2020-27129 6.7 MEDIUM EPSS 0.00

A vulnerability in the remote management feature of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands and potentially gain elevated privileges. The vulnerability is due to improper validation of commands to the remote management CLI of the affected application. An attacker could exploit this vulnerability by sending malicious requests to the affected application. A successful exploit could allow the attacker to inject arbitrary commands and potentially gain elevated privileges.

CWE-88 Nov 06, 2020

CVE-2020-5648 9.8 CRITICAL EPSS 0.01

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.

CWE-88 Nov 06, 2020

CVE-2020-5657 6.5 MEDIUM EPSS 0.00

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows unauthenticated attackers on adjacent network to stop the network functions of the products via a specially crafted packet.

CWE-88 Nov 02, 2020

CVE-2020-15238 7.1 HIGH 1 PoC Analysis EPSS 0.00

Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules.

CWE-74 Oct 27, 2020

CVE-2020-5792 7.2 HIGH 1 PoC Analysis EPSS 0.81

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.

CWE-88 Oct 20, 2020

CVE-2020-14027 5.3 MEDIUM EPSS 0.00

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks.

CWE-88 Sep 22, 2020

CVE-2020-4492 5.5 MEDIUM EPSS 0.00

IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2.3.21 could allow a local attacker to cause a denial of service crashing the kernel by sending a subset of ioctls on the device with invalid arguments. IBM X-Force ID: 181992.

CWE-88 Aug 31, 2020

CVE-2020-15692 9.8 CRITICAL 1 Writeup EPSS 0.02

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands.

CWE-88 Aug 14, 2020

CVE-2020-17367 7.8 HIGH EPSS 0.00

Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.

CWE-88 Aug 11, 2020