Total
5311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23375 | 1 Psnode Project | 1 Psnode | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
|
|||||
| CVE-2021-23374 | 1 Ps-visitor Project | 1 Ps-visitor | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
|
|||||
| CVE-2021-23363 | 1 Kill-by-port Project | 1 Kill-by-port | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
This affects the package kill-by-port before 0.0.2. If (attacker-controlled) user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
|
|||||
| CVE-2021-23360 | 1 Killport Project | 1 Killport | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
|
This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success.
|
|||||
| CVE-2021-23359 | 1 Port-killer Project | 1 Port-killer | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
|
This affects all versions of package port-killer. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success.
|
|||||
| CVE-2021-23356 | 1 Kill-process-by-name Project | 1 Kill-process-by-name | 2024-11-21 | 7.5 HIGH | 5.6 MEDIUM |
|
This affects all versions of package kill-process-by-name. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file.
|
|||||
| CVE-2021-23355 | 1 Ps-kill Project | 1 Ps-kill | 2024-11-21 | 7.5 HIGH | 5.6 MEDIUM |
|
This affects all versions of package ps-kill. If (attacker-controlled) user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization in the index.js file. PoC (provided by reporter): var ps_kill = require('ps-kill'); ps_kill.kill('$(touch success)',function(){});
|
|||||
| CVE-2021-23348 | 1 Portprocesses Project | 1 Portprocesses | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
This affects the package portprocesses before 1.0.5. If (attacker-controlled) user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
|
|||||
| CVE-2021-23330 | 1 Bitovi | 1 Launchpad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
All versions of package launchpad are vulnerable to Command Injection via stop.
|
|||||
| CVE-2021-23326 | 1 The-guild | 1 Graphql-tools | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
|
This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.
|
|||||
| CVE-2021-23198 | 1 Myscada | 1 Mypro | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
|
|||||
| CVE-2021-23154 | 1 Mirantis | 1 Lens | 2024-11-21 | 9.3 HIGH | 6.3 MEDIUM |
|
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.
|
|||||
| CVE-2021-23031 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
|
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
|||||
| CVE-2021-23025 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions of 12.1.x and 11.6.x, an authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
|||||
| CVE-2021-23012 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
|||||
| CVE-2021-22795 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
|
A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)
|
|||||
| CVE-2021-22657 | 1 Myscada | 1 Mypro | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
|
|||||
| CVE-2021-22557 | 1 Google | 1 Slo Generator | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
|
SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173
|
|||||
| CVE-2021-22127 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 7.9 HIGH | 7.1 HIGH |
|
An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name.
|
|||||
| CVE-2021-22125 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 9.0 HIGH | 6.3 MEDIUM |
|
An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file.
|
|||||
| CVE-2021-22123 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 9.0 HIGH | 7.6 HIGH |
|
An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.
|
|||||
| CVE-2021-21976 | 1 Vmware | 1 Vsphere Replication | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution.
|
|||||
| CVE-2021-21954 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
|
A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution.
|
|||||
| CVE-2021-21888 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
|
An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21884 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
|
An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21883 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
|
An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21882 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21881 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
|
An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21877 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
|
Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.
|
|||||
| CVE-2021-21876 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
|
Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.
|
|||||
| CVE-2021-21875 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
|
A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21874 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
|
A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21873 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
|
A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21872 | 1 Lantronix | 2 Premierwave 2050, Premierwave 2050 Firmware | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
|
An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21819 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
|
|||||
| CVE-2021-21809 | 1 Moodle | 1 Moodle | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
|
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
|
|||||
| CVE-2021-21805 | 1 Advantech | 1 R-seenet | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability.
|
|||||
| CVE-2021-21599 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.6 MEDIUM | 6.0 MEDIUM |
|
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.
|
|||||
| CVE-2021-21585 | 1 Dell | 1 Openmanage Enterprise | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
|
Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands.
|
|||||
| CVE-2021-21570 | 1 Dell | 1 Emc Networker | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
|
Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and gain access to unauthorized information.
|
|||||