Total
3666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33553 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-20141 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-43779 | 1 Teclib-edition | 1 Addressing | 2024-02-28 | 9.0 HIGH | 9.9 CRITICAL |
| GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin. | |||||
| CVE-2021-40412 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| An OScommand injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, that has the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command injection. | |||||
| CVE-2021-31356 | 1 Juniper | 1 Junos Os Evolved | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A command injection vulnerability in command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allows an attacker to bypass command authorization restrictions assigned to their specific user account and execute commands that are available to the privilege level for which the user is assigned. For example, a user that is in the super-user login class, but restricted to executing specific CLI commands could exploit the vulnerability to execute any other command available to an unrestricted admin user. This vulnerability does not increase the privilege level of the user, but rather bypasses any CLI command restrictions by allowing full access to the shell. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; All versions of 21.1-EVO and 21.2-EVO. | |||||
| CVE-2021-40408 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. | |||||
| CVE-2021-45987 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. | |||||
| CVE-2020-8105 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| OS Command Injection vulnerability in the wirelessConnect handler of Abode iota All-In-One Security Kit allows an attacker to inject commands and gain root access. This issue affects: Abode iota All-In-One Security Kit versions prior to 1.0.2.23_6.9V_dev_t2_homekit_RF_2.0.19_s2_kvsABODE oz. | |||||
| CVE-2021-27561 | 1 Yealink | 1 Device Management | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. | |||||
| CVE-2021-43984 | 1 Myscada | 1 Mypro | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-22557 | 1 Google | 1 Slo Generator | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173 | |||||
| CVE-2021-38965 | 1 Ibm | 1 Filenet Content Manager | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346. | |||||
| CVE-2021-37913 | 1 Hgiga | 1 Oaklouds Portal | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in. | |||||
| CVE-2022-0365 | 1 Riconmobile | 4 S9922l, S9922l Firmware, S9922xl and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user. | |||||
| CVE-2021-23862 | 1 Bosch | 8 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 5 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000). | |||||
| CVE-2021-20139 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-4144 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | |||||
| CVE-2021-36295 | 1 Dell | 9 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 6 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. | |||||
| CVE-2021-35031 | 1 Zyxel | 28 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 25 more | 2024-02-28 | 7.7 HIGH | 8.0 HIGH |
| A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. | |||||
| CVE-2021-39065 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum Copy Data Management Admin Console login and uploadcertificate function . A remote attacker could inject arbitrary shell commands which would be executed on the affected system. IBM X-Force ID: 214958. | |||||