Total
3666 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-33550 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
CVE-2021-34729 | 1 Cisco | 2 Ios Xe, Ios Xe Sd-wan | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system. An attacker would need valid user credentials to exploit this vulnerability. | |||||
CVE-2021-40411 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection. | |||||
CVE-2021-21876 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-02-28 | 6.5 MEDIUM | 9.1 CRITICAL |
Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability. | |||||
CVE-2021-1529 | 1 Cisco | 57 1000 Integrated Services Router, 1100-4g\/6g Integrated Services Router, 1100-4p Integrated Services Router and 54 more | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. | |||||
CVE-2021-20143 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
CVE-2021-37925 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability. | |||||
CVE-2022-23935 | 1 Exiftool Project | 1 Exiftool | 2024-02-28 | 7.6 HIGH | 7.8 HIGH |
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection. | |||||
CVE-2021-44981 | 1 Quickbox | 1 Quickbox | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by default attackers can use the sudo command within this shell_exec(''); function, which allows for privilege escalation by means of RCE. | |||||
CVE-2021-34721 | 1 Cisco | 44 8101-32fh, 8101-32h, 8102-64h and 41 more | 2024-02-28 | 6.9 MEDIUM | 6.7 MEDIUM |
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-39459 | 1 Redaxo | 1 Redaxo | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. | |||||
CVE-2021-20039 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
CVE-2020-25368 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login. | |||||
CVE-2021-45845 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. | |||||
CVE-2021-44685 | 1 Git-it Project | 1 Git-it | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution). | |||||
CVE-2021-28571 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2024-02-28 | 7.6 HIGH | 8.8 HIGH |
Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2021-29393 | 1 Globalnorthstar | 1 Northstar Club Management | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters. | |||||
CVE-2021-21888 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-02-28 | 9.0 HIGH | 9.1 CRITICAL |
An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2021-3584 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0. | |||||
CVE-2020-22724 | 1 Mercury | 4 Mer1200, Mer1200 Firmware, Mer1200g and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1. |