Total
4255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43073 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | |||||
| CVE-2021-43033 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls. | |||||
| CVE-2021-42969 | 1 Anaconda | 1 Anaconda3 | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed. | |||||
| CVE-2021-42912 | 1 Fiberhome | 12 Aan5506-04-g2g Firmware, An5506-01-a, An5506-01-a Firmware and 9 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. | |||||
| CVE-2021-42897 | 1 Feminer Wms Project | 1 Feminer Wms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec. | |||||
| CVE-2021-42890 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | |||||
| CVE-2021-42888 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | |||||
| CVE-2021-42885 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. | |||||
| CVE-2021-42884 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. | |||||
| CVE-2021-42875 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. | |||||
| CVE-2021-42872 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. | |||||
| CVE-2021-42852 | 1 Lenovo | 10 A1, A1 Firmware, T1 and 7 more | 2024-11-21 | 7.7 HIGH | 8.0 HIGH |
| A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. | |||||
| CVE-2021-42796 | 1 Aveva | 1 Edge | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed. | |||||
| CVE-2021-42784 | 1 Dlink | 2 Dwr-932c, Dwr-932c E1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 firmware allows a remote attacker to perform command injection via a crafted HTTP request. | |||||
| CVE-2021-42759 | 1 Fortinet | 2 Meru, Meru Firmware | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands. | |||||
| CVE-2021-42372 | 1 Xorux | 2 Lpar2rrd, Stor2rrd | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service. | |||||
| CVE-2021-42324 | 1 Dcnglobal | 2 S4600-10p-si, S4600-10p-si Firmware | 2024-11-21 | 7.2 HIGH | 7.4 HIGH |
| An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access. | |||||
| CVE-2021-42232 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router. | |||||
| CVE-2021-42165 | 1 Mitrastar | 2 Gpt-2541gnac-n1, Gpt-2541gnac-n1 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path". | |||||
| CVE-2021-42081 | 1 Osnexus | 1 Quantastor | 2024-11-21 | N/A | 9.1 CRITICAL |
| An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. | |||||