Total
4255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34616 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-34615 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-34614 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-34613 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-34612 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-34611 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-34610 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-34602 | 1 Bender | 4 Cc612, Cc612 Firmware, Cc613 and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. | |||||
| CVE-2021-34111 | 1 Thecus | 2 N4800eco, N4800eco Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php. | |||||
| CVE-2021-34084 | 1 S3-uploader Project | 1 S3-uploader | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function. | |||||
| CVE-2021-34083 | 1 Google-it Project | 1 Google-it | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially exposing the server to RCE. | |||||
| CVE-2021-34082 | 1 Proctree Project | 1 Proctree | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function. | |||||
| CVE-2021-34081 | 1 Gitsome Project | 1 Gitsome | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository. | |||||
| CVE-2021-34080 | 1 Ssl-utils Project | 1 Ssl-utils | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions. | |||||
| CVE-2021-34079 | 1 Docker-tester Project | 1 Docker-tester | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file. | |||||
| CVE-2021-34078 | 1 Adp | 1 Lifion-verifiy-dependencies | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file. | |||||
| CVE-2021-33990 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | N/A | 9.8 CRITICAL |
| Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.html exists. NOTE: The vendor disputes this issue because the exploit reference link only shows frmfolders.html is accessible and does not demonstrate how an unauthorized user can upload a file. | |||||
| CVE-2021-33962 | 1 Chinamobileltd | 2 An Lianbao Wf-1, An Lianbao Wf Firmware-1 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. | |||||
| CVE-2021-33841 | 1 Circutor | 2 Sge-plc1000, Sge-plc1000 Firmware | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. | |||||
| CVE-2021-33827 | 1 Owncloud | 1 Files Antivirus | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. | |||||