Total
2294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4406 | 1 Osnexus | 1 Quantastor | 2024-11-21 | N/A | 9.1 CRITICAL |
| An administrator is able to execute commands as root via the alerts management dialog | |||||
| CVE-2021-4329 | 1 Json-logic-js Project | 1 Json-logic-js | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-4304 | 1 Ulcc-core Project | 1 Ulcc-core | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file cgi/toolbox/toolbox. The manipulation of the argument password leads to command injection. The attack can be launched remotely. The patch is named 811edaae81eb044891594f00062a828f51b22cb1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217447. | |||||
| CVE-2021-4045 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera. | |||||
| CVE-2021-46560 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. | |||||
| CVE-2021-46457 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter. | |||||
| CVE-2021-46456 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter. | |||||
| CVE-2021-46455 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter. | |||||
| CVE-2021-46454 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter. | |||||
| CVE-2021-46453 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter. | |||||
| CVE-2021-46452 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters. | |||||
| CVE-2021-46233 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter. | |||||
| CVE-2021-46232 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter. | |||||
| CVE-2021-46231 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter. | |||||
| CVE-2021-46230 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. | |||||
| CVE-2021-46229 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. | |||||
| CVE-2021-46228 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. | |||||
| CVE-2021-46227 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. | |||||
| CVE-2021-46226 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter. | |||||
| CVE-2021-45998 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | |||||