Total
794 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-29071 | 1 Netgear | 22 Rbk852, Rbk852 Firmware, Rbk853 and 19 more | 2024-11-21 | 5.2 MEDIUM | 9.6 CRITICAL |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBR752 before 3.2.17.12, RBR753 before 3.2.17.12, RBR753S before 3.2.17.12, RBR754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12. | |||||
CVE-2021-28960 | 1 Manageengine | 1 Desktop Central | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations. | |||||
CVE-2021-27944 | 1 Vizio | 4 E50x-e1, E50x-e1 Firmware, P65-f1 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload. | |||||
CVE-2021-27449 | 1 Mesalabs | 1 Amegaview | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
Mesa Labs AmegaView versions 3.0 and prior have a command injection vulnerability that can be exploited to execute commands in the web server. | |||||
CVE-2021-27447 | 1 Mesalabs | 1 Amegaview | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
CVE-2021-27185 | 1 Samba-client Project | 1 Samba-client | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec. | |||||
CVE-2021-26731 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
CVE-2021-26729 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
Command injection and multiple stack-based buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
CVE-2021-26728 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
CVE-2021-26727 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
Multiple command injection and stack-based buffer overflow vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
CVE-2021-26541 | 1 Gitlog Project | 1 Gitlog | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The gitlog function in src/index.ts in gitlog before 4.0.4 has a command injection vulnerability. | |||||
CVE-2021-26275 | 1 Eslint-fixer Project | 1 Eslint-fixer | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted. | |||||
CVE-2021-25812 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client. | |||||
CVE-2021-23378 | 1 Picotts Project | 1 Picotts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
CVE-2021-23377 | 1 Onion-oled-js Project | 1 Onion-oled-js | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
CVE-2021-23376 | 1 Ffmpegdotjs Project | 1 Ffmpegdotjs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. | |||||
CVE-2021-23330 | 1 Bitovi | 1 Launchpad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package launchpad are vulnerable to Command Injection via stop. | |||||
CVE-2021-23247 | 1 Oppo | 1 Quick App | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attackers to gain arbitrary code execution in quick game engine. | |||||
CVE-2021-21984 | 1 Vmware | 1 Vrealize Business For Cloud | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability due to an unauthorised end point. A malicious actor with network access may exploit this issue causing unauthorised remote code execution on vRealize Business for Cloud Virtual Appliance. | |||||
CVE-2021-20991 | 1 Fibaro | 4 Home Center 2, Home Center 2 Firmware, Home Center Lite and 1 more | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability. |