Total
3666 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21386 | 1 Apkleaks Project | 1 Apkleaks | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
APKLeaks is an open-source project for scanning APK file for URIs, endpoints & secrets. APKLeaks prior to v2.0.3 allows remote attackers to execute arbitrary OS commands via package name inside application manifest. An attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior through malicious package name. The problem is fixed in version v2.0.6-dev and above. | |||||
CVE-2021-27104 | 1 Accellion | 1 Fta | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later. | |||||
CVE-2021-26962 | 1 Arubanetworks | 1 Airwave | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise. | |||||
CVE-2021-26683 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | |||||
CVE-2021-1370 | 1 Cisco | 7 8201, 8202, 8808 and 4 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A vulnerability in a CLI command of Cisco IOS XR Software for the Cisco 8000 Series Routers and Network Convergence System 540 Series Routers running NCS540L software images could allow an authenticated, local attacker to elevate their privilege to root. To exploit this vulnerability, an attacker would need to have a valid account on an affected device. The vulnerability is due to insufficient validation of command line arguments. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the prompt. A successful exploit could allow an attacker with low-level privileges to escalate their privilege level to root. | |||||
CVE-2021-20655 | 1 Soliton | 1 Filezen | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2019-25024 | 1 Alleghenycreative | 1 Openrepeater | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. | |||||
CVE-2020-26245 | 1 Systeminformation | 1 Systeminformation | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite(). | |||||
CVE-2020-29056 | 2 Cdata, Cdatatec | 57 Fd1104 Firmware, 72408a, 72408a Firmware and 54 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. One can escape from a shell and acquire root privileges by leveraging the TFTP download configuration. | |||||
CVE-2020-28581 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges. | |||||
CVE-2020-29664 | 1 Dji | 2 Mavic 2, Mavic 2 Firmware | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. | |||||
CVE-2020-5791 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | |||||
CVE-2021-26747 | 1 Netis-systems | 4 Wf2411, Wf2411 Firmware, Wf2780 and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. | |||||
CVE-2020-25494 | 1 Xinuos | 1 Openserver | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. | |||||
CVE-2020-19664 | 1 Draytek | 2 Vigor2960, Vigor2960 Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. | |||||
CVE-2021-27102 | 1 Accellion | 1 Fta | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. The fixed version is FTA_9_12_416 and later. | |||||
CVE-2019-25022 | 1 Scytl | 1 Secure Vote | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation. | |||||
CVE-2021-26476 | 1 Eprints | 1 Eprints | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. | |||||
CVE-2020-27158 | 1 Westerndigital | 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | |||||
CVE-2020-35578 | 1 Nagios | 1 Nagios Xi | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands. |