Total
1397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6288 | 1 Edge-core | 2 Ecs2020, Ecs2020 Firmware | 2021-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| Edgecore ECS2020 Firmware 1.0.0.0 devices allow Unauthenticated Command Injection via the command1 HTTP header to the /EXCU_SHELL URI. | |||||
| CVE-2021-34349 | 1 Qnap | 1 Qvr | 2021-10-05 | 6.5 MEDIUM | 7.2 HIGH |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | |||||
| CVE-2021-34351 | 1 Qnap | 1 Qvr | 2021-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | |||||
| CVE-2021-34348 | 1 Qnap | 1 Qvr | 2021-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | |||||
| CVE-2021-34352 | 1 Qnap | 1 Qvr | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later | |||||
| CVE-2021-31605 | 1 Openvpn-monitor Project | 1 Openvpn-monitor | 2021-10-02 | 7.8 HIGH | 7.5 HIGH |
| furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. This can shut down the server via signal%20SIGTERM. | |||||
| CVE-2021-38124 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution. | |||||
| CVE-2016-10033 | 3 Joomla, Phpmailer Project, Wordpress | 3 Joomla\!, Phpmailer, Wordpress | 2021-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | |||||
| CVE-2016-10045 | 3 Joomla, Phpmailer Project, Wordpress | 3 Joomla\!, Phpmailer, Wordpress | 2021-09-30 | 7.5 HIGH | 9.8 CRITICAL |
| The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033. | |||||
| CVE-2021-41383 | 1 Netgear | 2 R6020, R6020 Firmware | 2021-09-29 | 9.0 HIGH | 7.2 HIGH |
| setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. | |||||
| CVE-2020-14119 | 1 Mi | 1 Ax3600 | 2021-09-27 | 10.0 HIGH | 9.8 CRITICAL |
| There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12 | |||||
| CVE-2020-14109 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2021-09-27 | 9.0 HIGH | 7.2 HIGH |
| There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 | |||||
| CVE-2020-19151 | 1 Jflyfox | 1 Jfinal Cms | 2021-09-22 | 6.5 MEDIUM | 8.8 HIGH |
| Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'. | |||||
| CVE-2021-29703 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659. | |||||
| CVE-2021-32529 | 1 Qsan | 2 Sanos, Xevo | 2021-09-20 | 7.5 HIGH | 9.8 CRITICAL |
| Command injection vulnerability in QSAN XEVO, SANOS allows remote unauthenticated attackers to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document. | |||||
| CVE-2021-28961 | 1 Openwrt | 1 Openwrt | 2021-09-16 | 6.5 MEDIUM | 8.8 HIGH |
| applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | |||||
| CVE-2021-37145 | 1 Poly | 4 Cx5100, Cx5100 Firmware, Cx5500 and 1 more | 2021-09-15 | 6.5 MEDIUM | 7.2 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2016-6270 | 1 Trendmicro | 1 Virtual Mobile Infrastructure | 2021-09-13 | 9.0 HIGH | 8.8 HIGH |
| The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/. | |||||
| CVE-2021-37719 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2021-09-09 | 9.0 HIGH | 7.2 HIGH |
| A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability. | |||||
| CVE-2021-35220 | 1 Solarwinds | 1 Orion Platform | 2021-09-08 | 6.5 MEDIUM | 7.2 HIGH |
| Command Injection vulnerability in EmailWebPage API which can lead to a Remote Code Execution (RCE) from the Alerts Settings page. | |||||