Total
4220 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23348 | 1 Portprocesses Project | 1 Portprocesses | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
| CVE-2021-23330 | 1 Bitovi | 1 Launchpad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package launchpad are vulnerable to Command Injection via stop. | |||||
| CVE-2021-23326 | 1 The-guild | 1 Graphql-tools | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
| This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection. | |||||
| CVE-2021-23198 | 1 Myscada | 1 Mypro | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-23154 | 1 Mirantis | 1 Lens | 2024-11-21 | 9.3 HIGH | 6.3 MEDIUM |
| In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system. | |||||
| CVE-2021-23031 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23025 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23012 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-22795 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) | |||||
| CVE-2021-22657 | 1 Myscada | 1 Mypro | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-22557 | 1 Google | 1 Slo Generator | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
| SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173 | |||||
| CVE-2021-22127 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.9 HIGH | 7.1 HIGH |
| An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name. | |||||
| CVE-2021-22125 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 9.0 HIGH | 6.3 MEDIUM |
| An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file. | |||||
| CVE-2021-22123 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 9.0 HIGH | 7.6 HIGH |
| An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page. | |||||
| CVE-2021-21976 | 1 Vmware | 1 Vsphere Replication | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution. | |||||
| CVE-2021-21954 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution. | |||||
| CVE-2021-21888 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21884 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21883 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21882 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||