Total
3666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31769 | 1 Myq-solution | 1 Myq Server | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component. | |||||
| CVE-2021-32673 | 1 Reg-keygen-git-hash Project | 1 Reg-keygen-git-hash | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue. | |||||
| CVE-2021-34612 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2020-5322 | 1 Dell | 1 Emc Openmanage Enterprise-modular | 2024-02-28 | 9.0 HIGH | 9.1 CRITICAL |
| Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system. | |||||
| CVE-2021-20557 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184. | |||||
| CVE-2021-29300 | 1 Ronomon | 1 Opened | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input. | |||||
| CVE-2021-27710 | 1 Totolink | 4 A720r, A720r Firmware, X5000r and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS. | |||||
| CVE-2021-20740 | 2 Hitachi, Nec | 13 Virtual File Platform, Nas Gateway Nh4a, Nas Gateway Nh4a Firmware and 10 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
| CVE-2021-31698 | 1 Quectel | 2 Eg25-g, Eg25-g Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon. | |||||
| CVE-2021-34616 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2020-36198 | 1 Qnap | 1 Malware Remover | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP Systems Inc. Malware Remover 3.x. | |||||
| CVE-2020-28695 | 1 Askey | 2 Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7, Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7 Firmware | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
| Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. | |||||
| CVE-2021-23412 | 1 Gitlogplus Project | 1 Gitlogplus | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization. | |||||
| CVE-2021-30187 | 1 Codesys | 1 Runtime Toolkit | 2024-02-28 | 4.6 MEDIUM | 5.3 MEDIUM |
| CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralization of Special Elements used in an OS Command. | |||||
| CVE-2021-39159 | 1 Jupyter | 1 Binderhub | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround. | |||||
| CVE-2021-39160 | 1 Jupyterhub | 1 Nbgitpuller | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade. No work around exist for users who can not upgrade. | |||||
| CVE-2020-35314 | 1 Wondercms | 1 Wondercms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | |||||
| CVE-2021-23377 | 1 Onion-oled-js Project | 1 Onion-oled-js | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-30229 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter. | |||||
| CVE-2021-21526 | 1 Dell | 1 Powerscale Onefs | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root. | |||||