Total: 5065 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26747 | 1 Netis-systems | 4 Wf2411, Wf2411 Firmware, Wf2780 and 1 more | 2024-11-21 | 9.8 Critical |
| Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. | ||||
| CVE-2021-26726 | 1 Valmet | 1 Dna | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517 allows an attacker to execute commands with SYSTEM privileges. This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021. | ||||
| CVE-2021-26724 | 1 Nozominetworks | 2 Central Management Control, Guardian | 2024-11-21 | 7.2 High |
| OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions. | ||||
| CVE-2021-26704 | 1 Eprints | 1 Eprints | 2024-11-21 | 8.8 High |
| EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. | ||||
| CVE-2021-26684 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2021-26683 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2021-26681 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2021-26680 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2021-26679 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | ||||
| CVE-2021-26616 | 1 Secuwiz | 1 Secuwayssl U | 2024-11-21 | 7.8 High |
| An OS command injection was found in SecuwaySSL: special characters can be injected into the executed command through runCommand arguments. | ||||
| CVE-2021-26543 | 1 Wayfair | 1 Git-parse | 2024-11-21 | 8.8 High |
| The "gitDiff" function in Wayfair git-parse <=1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5. | ||||
| CVE-2021-26541 | 1 Gitlog Project | 1 Gitlog | 2024-11-21 | 9.8 Critical |
| The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability. | ||||
| CVE-2021-26476 | 1 Eprints | 1 Eprints | 2024-11-21 | 9.8 Critical |
| EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. | ||||
| CVE-2021-26472 | 2 Microsoft, Vembu | 3 Windows, Bdr Suite, Offsite Dr | 2024-11-21 | 10 Critical |
| In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges. | ||||
| CVE-2021-26116 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 6.7 Medium |
| An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | ||||
| CVE-2021-26106 | 1 Fortinet | 3 Fortiap, Fortiap-s, Fortiap-w2 | 2024-11-21 | 7.8 High |
| An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments. | ||||
| CVE-2021-26104 | 1 Fortinet | 3 Fortianalyzer, Fortimanager, Fortiportal | 2024-11-21 | 7.8 High |
| Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters. | ||||
| CVE-2021-26097 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 8.8 High |
| An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests. | ||||
| CVE-2021-25310 | 1 Belkin | 2 Linksys Wrt160nl, Linksys Wrt160nl Firmware | 2024-11-21 | 8.8 High |
| The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine | ||||
| CVE-2021-25167 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 8.8 High |
| A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | ||||