Total
4252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23380 | 1 Roar-pidusage Project | 1 Roar-pidusage | 2024-11-21 | 7.5 HIGH | 5.6 MEDIUM |
| This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-23379 | 1 Portkiller Project | 1 Portkiller | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-23378 | 1 Picotts Project | 1 Picotts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-23377 | 1 Onion-oled-js Project | 1 Onion-oled-js | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-23376 | 1 Ffmpegdotjs Project | 1 Ffmpegdotjs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-23375 | 1 Psnode Project | 1 Psnode | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-23374 | 1 Ps-visitor Project | 1 Ps-visitor | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-23363 | 1 Kill-by-port Project | 1 Kill-by-port | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-23360 | 1 Killport Project | 1 Killport | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. | |||||
| CVE-2021-23359 | 1 Port-killer Project | 1 Port-killer | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| This affects all versions of package port-killer. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success. | |||||
| CVE-2021-23356 | 1 Kill-process-by-name Project | 1 Kill-process-by-name | 2024-11-21 | 7.5 HIGH | 5.6 MEDIUM |
| This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. | |||||
| CVE-2021-23355 | 1 Ps-kill Project | 1 Ps-kill | 2024-11-21 | 7.5 HIGH | 5.6 MEDIUM |
| This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC (provided by reporter): var ps_kill = require('ps-kill'); ps_kill.kill('$(touch success)',function(){}); | |||||
| CVE-2021-23348 | 1 Portprocesses Project | 1 Portprocesses | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-23330 | 1 Bitovi | 1 Launchpad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package launchpad are vulnerable to Command Injection via stop. | |||||
| CVE-2021-23326 | 1 The-guild | 1 Graphql-tools | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
| This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection. | |||||
| CVE-2021-23198 | 1 Myscada | 1 Mypro | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-23154 | 1 Mirantis | 1 Lens | 2024-11-21 | 9.3 HIGH | 6.3 MEDIUM |
| In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system. | |||||
| CVE-2021-23031 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23025 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23012 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||