Total
2086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29071 | 1 Netgear | 22 Rbk852, Rbk852 Firmware, Rbk853 and 19 more | 2024-08-03 | 9.6 Critical |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. | ||||
| CVE-2021-29070 | 1 Netgear | 10 Rbk852, Rbk852 Firmware, Rbk853 and 7 more | 2024-08-03 | 8.4 High |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12. | ||||
| CVE-2021-29069 | 1 Netgear | 6 Wnr2000v5, Wnr2000v5 Firmware, Xr450 and 3 more | 2024-08-03 | 7.3 High |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76. | ||||
| CVE-2021-28960 | 1 Manageengine | 1 Desktop Central | 2024-08-03 | 9.8 Critical |
| Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. | ||||
| CVE-2021-26275 | 1 Eslint-fixer Project | 1 Eslint-fixer | 2024-08-03 | 9.8 Critical |
| The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted | ||||
| CVE-2021-27447 | 1 Mesalabs | 1 Amegaview | 2024-08-03 | 10 Critical |
| Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2021-27185 | 1 Samba-client Project | 1 Samba-client | 2024-08-03 | 9.8 Critical |
| The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec. | ||||
| CVE-2021-26727 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-08-03 | 10 Critical |
| Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2021-26728 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-08-03 | 10 Critical |
| Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2021-26729 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-08-03 | 10 Critical |
| Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2021-26576 | 1 Hpe | 2 Apollo 70 System, Baseboard Management Controller | 2024-08-03 | 7.8 High |
| The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function. | ||||
| CVE-2021-25812 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2024-08-03 | 9.8 Critical |
| Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client. | ||||
| CVE-2021-25172 | 1 Hpe | 2 Apollo 70 System, Baseboard Management Controller | 2024-08-03 | 7.8 High |
| The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function. | ||||
| CVE-2021-24033 | 1 Facebook | 1 React-dev-utils | 2024-08-03 | 5.6 Medium |
| react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you. | ||||
| CVE-2021-23247 | 1 Oppo | 1 Quick App | 2024-08-03 | 9.8 Critical |
| A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine | ||||
| CVE-2021-22899 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-08-03 | 8.8 High |
| A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature | ||||
| CVE-2021-22935 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-08-03 | 7.2 High |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter. | ||||
| CVE-2021-22938 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-08-03 | 7.2 High |
| A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform command injection via an unsanitized web parameter in the administrator web console. | ||||
| CVE-2021-22864 | 1 Github | 1 Enterprise Server | 2024-08-03 | 8.8 High |
| A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to override environment variables leading to code execution on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.0.3 and was fixed in 3.0.3, 2.22.9, and 2.21.17. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2021-22867 | 1 Github | 1 Enterprise Server | 2024-08-03 | 6.5 Medium |
| A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not sufficiently restricted and made it possible to read files on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.1.3 and was fixed in 3.1.3, 3.0.11, and 2.22.17. This vulnerability was reported via the GitHub Bug Bounty program. | ||||