Total
3666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32305 | 1 Websvn | 1 Websvn | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. | |||||
| CVE-2021-1401 | 1 Cisco | 12 Wap125, Wap125 Firmware, Wap131 and 9 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain sensitive information from or inject arbitrary commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-21883 | 1 Indionetworks | 10 Unibox U1000, Unibox U1000 Firmware, Unibox U2500 and 7 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a OS command injection vulnerability in /tools/ping, which can leads to complete device takeover. | |||||
| CVE-2021-20731 | 1 Buffalo | 4 Wsr-1166dhp3, Wsr-1166dhp3 Firmware, Wsr-1166dhp4 and 1 more | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
| WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
| CVE-2021-21550 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | |||||
| CVE-2021-20682 | 1 Basercms | 1 Basercms | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2020-21937 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary system commands. | |||||
| CVE-2021-39244 | 1 Altus | 30 Hadron Xtorm Hx3040, Hadron Xtorm Hx3040 Firmware, Nexto Nx3003 and 27 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. | |||||
| CVE-2021-26810 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter. | |||||
| CVE-2020-21999 | 1 Iwt | 2 Facesentry Access Control System, Facesentry Access Control System Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script. | |||||
| CVE-2021-34610 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-28804 | 1 Qnap | 2 Qts, Quts Hero | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217. | |||||
| CVE-2021-21388 | 1 Systeminformation | 1 Systeminformation | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected. | |||||
| CVE-2021-3050 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10; PAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions; PAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1. Prisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue. | |||||
| CVE-2021-28802 | 1 Qnap | 2 Qts, Quts Hero | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc. QuTS hero versions prior to h4.5.1.1582 build 20210217. | |||||
| CVE-2020-21935 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary code. | |||||
| CVE-2021-27944 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload. | |||||
| CVE-2021-30228 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter. | |||||
| CVE-2021-32533 | 1 Qsan | 1 Sanos | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0. | |||||
| CVE-2021-26097 | 1 Fortinet | 1 Fortisandbox | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||