Total
3060 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38373 | 1 Kde | 1 Kmail | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
|
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
|
|||||
| CVE-2021-38372 | 1 Kde | 1 Trojita | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
|
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.
|
|||||
| CVE-2021-38370 | 1 Alpine Project | 1 Alpine | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.
|
|||||
| CVE-2021-38189 | 1 Lettre | 1 Lettre | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two <CR><LF> sequences and then inject arbitrary SMTP commands.
|
|||||
| CVE-2021-38173 | 3 Debian, Digint, Fedoraproject | 3 Debian Linux, Btrbk, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys.
|
|||||
| CVE-2021-38169 | 1 Roxy-wi | 1 Roxy-wi | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py.
|
|||||
| CVE-2021-38124 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.
|
|||||
| CVE-2021-37739 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
|
|||||
| CVE-2021-37724 | 2 Arubanetworks, Siemens | 3 Arubaos, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
|
|||||
| CVE-2021-37723 | 2 Arubanetworks, Siemens | 3 Arubaos, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability.
|
|||||
| CVE-2021-37722 | 2 Arubanetworks, Siemens | 4 Arubaos, Sd-wan, Scalance W1750d and 1 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
|
|||||
| CVE-2021-37721 | 2 Arubanetworks, Siemens | 4 Arubaos, Sd-wan, Scalance W1750d and 1 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
|
|||||
| CVE-2021-37720 | 2 Arubanetworks, Siemens | 4 Arubaos, Sd-wan, Scalance W1750d and 1 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
|
|||||
| CVE-2021-37719 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
|
|||||
| CVE-2021-37718 | 2 Arubanetworks, Siemens | 4 Arubaos, Sd-wan, Scalance W1750d and 1 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
|
|||||
| CVE-2021-37717 | 2 Arubanetworks, Siemens | 4 Arubaos, Sd-wan, Scalance W1750d and 1 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
|
|||||
| CVE-2021-37708 | 1 Shopware | 1 Shopware | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
|
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
|
|||||
| CVE-2021-37145 | 1 Poly | 4 Cx5100, Cx5100 Firmware, Cx5500 and 1 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
|
|||||
| CVE-2021-37106 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system.
|
|||||
| CVE-2021-37102 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0.
|
|||||
| CVE-2021-36707 | 1 Prolink | 2 Prc2402m, Prc2402m Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in the adm.cgi binary, accessible with a page parameter value of ledonoff contains a trivial command injection where the value of the led_cmd parameter is passed directly to do_system.
|
|||||
| CVE-2021-36024 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code execution.
|
|||||
| CVE-2021-35978 | 1 Digi | 18 Transport Dr64, Transport Dr64 Firmware, Transport Sr44 and 15 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrary remote command execution with SUPER privileges. This allows an attacker (with knowledge of the protocol) to execute arbitrary code on the controller including overwriting firmware, adding/removing users, disabling the internal firewall, etc.
|
|||||
| CVE-2021-35220 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
|
Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page.
|
|||||
| CVE-2021-34809 | 1 Synology | 1 Download Station | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
|
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2021-34748 | 1 Cisco | 1 Intersight Virtual Appliance | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using the web-based management interface to execute a command using crafted input. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on an ...
Show More |
|||||
| CVE-2021-34729 | 1 Cisco | 2 Ios Xe, Ios Xe Sd-wan | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input in the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands with ...
Show More |
|||||
| CVE-2021-34726 | 1 Cisco | 1 Sd-wan | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to ...
Show More |
|||||
| CVE-2021-34725 | 1 Cisco | 49 1000 Integrated Services Router, 1100-4g\/6g Integrated Services Router, 1100-4p Integrated Services Router and 46 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the aff ...
Show More |
|||||
| CVE-2021-34592 | 1 Bender | 4 Cc612, Cc612 Firmware, Cc613 and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.
|
|||||
| CVE-2021-34362 | 1 Qnap | 3 Media Streaming Add-on, Qts, Quts Hero | 2024-11-21 | 6.5 MEDIUM | 8.7 HIGH |
|
A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3 ...
Show More |
|||||
| CVE-2021-34352 | 1 Qnap | 1 Qvr | 2024-11-21 | 7.5 HIGH | 7.2 HIGH |
|
A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later
|
|||||
| CVE-2021-34351 | 1 Qnap | 1 Qvr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
|
|||||
| CVE-2021-34349 | 1 Qnap | 1 Qvr | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
|
|||||
| CVE-2021-34348 | 1 Qnap | 1 Qvr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later
|
|||||
| CVE-2021-33965 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which receives parameters by POST request, and the parameter mesh_enable and mesh_device have a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.
|
|||||
| CVE-2021-33964 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/set_firewall_level which receives parameters by POST request, and the parameter firewall_level has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.
|
|||||
| CVE-2021-33963 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.
|
|||||
| CVE-2021-33515 | 3 Debian, Dovecot, Fedoraproject | 3 Debian Linux, Dovecot, Fedora | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
|
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
|
|||||
| CVE-2021-32933 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process.
|
|||||