An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.
CWE-94
CVE-2021-3583
A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2021-35514
Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.
CVE-2021-3411
A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-33816
The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked.
CVE-2021-33693
SAP Cloud Connector, version – 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.