Total
3666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21872 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-02-28 | 9.0 HIGH | 9.9 CRITICAL |
| An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-42759 | 1 Fortinet | 2 Meru, Meru Firmware | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands. | |||||
| CVE-2021-21954 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2024-02-28 | 9.0 HIGH | 9.9 CRITICAL |
| A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution. | |||||
| CVE-2021-41243 | 1 Basercms | 1 Basercms | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. | |||||
| CVE-2021-1594 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
| A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. This vulnerability is due to insufficient input validation for specific API endpoints. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting and modifying specific internode communications from one ISE persona to another ISE persona. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying operating system. To exploit this vulnerability, the attacker would need to decrypt HTTPS traffic between two ISE personas that are located on separate nodes. | |||||
| CVE-2021-20853 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2024-02-28 | 5.2 MEDIUM | 6.8 MEDIUM |
| ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2021-33962 | 1 Chinamobileltd | 2 An Lianbao Wf-1, An Lianbao Wf Firmware-1 | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. | |||||
| CVE-2020-36378 | 1 Aaptjs Project | 1 Aaptjs | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | |||||
| CVE-2020-36376 | 1 Aaptjs Project | 1 Aaptjs | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | |||||
| CVE-2021-23198 | 1 Myscada | 1 Mypro | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-37727 | 2 Arubanetworks, Siemens | 3 Aruba Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version(s): 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3 and below. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability. | |||||
| CVE-2021-44453 | 1 Myscada | 1 Mypro | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands. | |||||
| CVE-2020-25367 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login. | |||||
| CVE-2021-43073 | 1 Fortinet | 1 Fortiweb | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | |||||
| CVE-2021-45844 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2024-02-28 | 7.6 HIGH | 7.8 HIGH |
| Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. | |||||
| CVE-2021-36185 | 1 Fortinet | 1 Fortiwlm | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | |||||
| CVE-2020-26300 | 1 Systeminformation | 1 Systeminformation | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix. | |||||
| CVE-2021-34719 | 1 Cisco | 46 8101-32fh, 8101-32h, 8102-64h and 43 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-21570 | 1 Dell | 1 Emc Networker | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information. | |||||
| CVE-2021-40409 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. | |||||