Total
5065 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32534 | 1 Qsan | 1 Sanos | 2024-11-21 | 9.8 Critical |
| QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0. | ||||
| CVE-2021-32533 | 1 Qsan | 1 Sanos | 2024-11-21 | 9.8 Critical |
| The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0. | ||||
| CVE-2021-32531 | 1 Qsan | 1 Xevo | 2024-11-21 | 9.8 Critical |
| OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0. | ||||
| CVE-2021-32530 | 1 Qsan | 1 Xevo | 2024-11-21 | 9.8 Critical |
| OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0. | ||||
| CVE-2021-32524 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 9.1 Critical |
| Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document. | ||||
| CVE-2021-32513 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 9.8 Critical |
| QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
| CVE-2021-32512 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 9.8 Critical |
| QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | ||||
| CVE-2021-32475 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.4 Medium |
| ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | ||||
| CVE-2021-32305 | 1 Websvn | 1 Websvn | 2024-11-21 | 9.8 Critical |
| WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. | ||||
| CVE-2021-32090 | 1 Localstack | 1 Localstack | 2024-11-21 | 9.8 Critical |
| The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter. | ||||
| CVE-2021-31915 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 9.8 Critical |
| In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. | ||||
| CVE-2021-31891 | 2 Debian, Siemens | 6 Debian Linux, Desigo Cc, Gma-manager and 3 more | 2024-11-21 | 10.0 Critical |
| A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. | ||||
| CVE-2021-31854 | 1 Mcafee | 1 Agent | 2024-11-21 | 7.7 High |
| A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges. | ||||
| CVE-2021-31838 | 1 Mcafee | 1 Mvision Edr | 2024-11-21 | 8.4 High |
| A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | ||||
| CVE-2021-31799 | 4 Debian, Oracle, Redhat and 1 more | 8 Debian Linux, Jd Edwards Enterpriseone Tools, Enterprise Linux and 5 more | 2024-11-21 | 7 High |
| In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | ||||
| CVE-2021-31769 | 1 Myq-solution | 1 Myq Server | 2024-11-21 | 8.8 High |
| MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component. | ||||
| CVE-2021-31698 | 1 Quectel | 2 Eg25-g, Eg25-g Firmware | 2024-11-21 | 9.8 Critical |
| Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon. | ||||
| CVE-2021-31607 | 2 Fedoraproject, Saltstack | 2 Fedora, Salt | 2024-11-21 | 7.8 High |
| In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely). | ||||
| CVE-2021-31605 | 1 Openvpn-monitor Project | 1 Openvpn-monitor | 2024-11-21 | 7.5 High |
| furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM. | ||||
| CVE-2021-31580 | 1 Akkadianlabs | 2 Ova Appliance, Provisioning Manager | 2024-11-21 | 8.7 High |
| The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from `shell` to `exec` and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 (and later), Akkadian Provisioning Manager 5.0.2 (and later), and Akkadian Appliance Manager 3.3.0.314-4a349e0 (and later). | ||||