Total: 3666 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-20026 | 1 Sonicwall | 1 Network Security Manager | 2024-02-28 | 9.0 HIGH | 8.8 HIGH | A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions.
CVE-2021-35062 | 1 Testzentrum-odw | 1 Testerfassung | 2024-02-28 | 9.3 HIGH | 8.1 HIGH | A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allows an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server.
CVE-2021-37708 | 1 Shopware | 1 Shopware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
CVE-2021-34613 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2021-32605 | 1 Zzzcms | 1 Zzzphp | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block.
CVE-2021-21599 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.
CVE-2021-22125 | 1 Fortinet | 1 Fortisandbox | 2024-02-28 | 9.0 HIGH | 7.2 HIGH | An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file.
CVE-2021-33841 | 1 Circutor | 2 Sge-plc1000, Sge-plc1000 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL | SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.
CVE-2021-1473 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-28113 | 1 Okta | 1 Access Gateway | 2024-02-28 | 8.7 HIGH | 6.7 MEDIUM | A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.
CVE-2021-34614 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.
CVE-2021-30230 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter.
CVE-2021-28958 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
CVE-2021-26472 | 2 Microsoft, Vembu | 3 Windows, Bdr Suite, Offsite Dr | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL | In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.
CVE-2021-32531 | 1 Qsan | 1 Xevo | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0.
CVE-2021-29449 | 1 Pi-hole | 1 Pi-hole | 2024-02-28 | 7.2 HIGH | 7.8 HIGH | Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.
CVE-2021-21372 | 1 Nim-lang | 1 Nim | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH | Nimble is a package manager for the Nim programming language. In Nim release versions before 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.
CVE-2021-20708 | 1 Nec | 6 Aterm Wf1200cr, Aterm Wf1200cr Firmware, Aterm Wg1200cr and 3 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH | NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 and earlier, and Aterm WG2600HS firmware Ver1.5.1 and earlier) allow authenticated attackers to execute arbitrary OS commands by sending a specially crafted request to a specific URL.
CVE-2021-21527 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM | Dell PowerScale OneFS 8.1.0-9.1.0 contains an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges.
CVE-2021-23380 | 1 Roar-pidusage Project | 1 Roar-pidusage | 2024-02-28 | 7.5 HIGH | 7.3 HIGH | This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.