Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20557 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-05-25 | 9.0 HIGH | 7.2 HIGH |
| IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184. | |||||
| CVE-2018-1184 | 1 Dell | 2 Emc Recoverpoint, Emc Recoverpoint For Virtual Machines | 2021-05-24 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass Boxmgmt CLI and run arbitrary commands with root privileges. | |||||
| CVE-2021-32605 | 1 Zzzcms | 1 Zzzphp | 2021-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | |||||
| CVE-2021-31915 | 1 Jetbrains | 1 Teamcity | 2021-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. | |||||
| CVE-2021-1421 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2021-05-17 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input to a configuration command. An attacker could exploit this vulnerability by including malicious input during the execution of this command. A successful exploit could allow a non-privileged attacker authenticated in the restricted CLI to execute arbitrary commands on the underlying operating system (OS) with root privileges. | |||||
| CVE-2021-21527 | 1 Dell | 1 Emc Powerscale Onefs | 2021-05-14 | 7.2 HIGH | 6.7 MEDIUM |
| Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | |||||
| CVE-2021-21550 | 1 Dell | 1 Emc Powerscale Onefs | 2021-05-14 | 7.2 HIGH | 6.7 MEDIUM |
| Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | |||||
| CVE-2017-15049 | 1 Zoom | 1 Zoom | 2021-05-14 | 9.3 HIGH | 8.8 HIGH |
| The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | |||||
| CVE-2021-28151 | 1 Hongdian | 2 H8922, H8922 Firmware | 2021-05-13 | 9.0 HIGH | 8.8 HIGH |
| Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest. | |||||
| CVE-2019-12725 | 1 Zeroshell | 1 Zeroshell | 2021-05-13 | 10.0 HIGH | 9.8 CRITICAL |
| Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters. | |||||
| CVE-2020-21992 | 1 Inim | 12 Smartliving 10100l, Smartliving 10100l Firmware, Smartliving 10100lg3 and 9 more | 2021-05-12 | 9.0 HIGH | 8.8 HIGH |
| Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an authenticated remote command injection vulnerability. The issue exist due to the 'par' POST parameter not being sanitized when called with the 'testemail' module through web.cgi binary. The vulnerable CGI binary (ELF 32-bit LSB executable, ARM) is calling the 'sh' executable via the system() function to issue a command using the mailx service and its vulnerable string format parameter allowing for OS command injection with root privileges. An attacker can remotely execute system commands as the root user using default credentials and bypass access controls in place. | |||||
| CVE-2020-21999 | 1 Iwt | 2 Facesentry Access Control System, Facesentry Access Control System Firmware | 2021-05-11 | 9.0 HIGH | 8.8 HIGH |
| iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script. | |||||
| CVE-2017-11566 | 1 Appsec-labs | 1 Appuse | 2021-05-11 | 7.2 HIGH | 7.8 HIGH |
| AppUse 4.0 allows shell command injection via a proxy field. | |||||
| CVE-2021-21530 | 1 Dell | 1 Openmanage Enterprise-modular | 2021-05-10 | 6.5 MEDIUM | 8.8 HIGH |
| Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege. | |||||
| CVE-2019-10777 | 1 Amazon | 1 Aws Lambda | 2021-05-10 | 7.5 HIGH | 9.8 CRITICAL |
| In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName". | |||||
| CVE-2021-1476 | 1 Cisco | 2 Adaptive Security Appliance, Firepower Threat Defense | 2021-05-08 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. To exploit this vulnerability, an attacker must have valid administrator-level credentials. | |||||
| CVE-2021-29147 | 1 Arubanetworks | 1 Clearpass | 2021-05-07 | 9.0 HIGH | 8.8 HIGH |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s) prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-30642 | 1 Symantec | 1 Security Analytics | 2021-05-07 | 10.0 HIGH | 9.8 CRITICAL |
| An input validation flaw in the Symantec Security Analytics web UI 7.2 prior 7.2.7, 8.1, prior to 8.1.3-NSR3, 8.2, prior to 8.2.1-NSR2 or 8.2.2 allows a remote, unauthenticated attacker to execute arbitrary OS commands on the target with elevated privileges. | |||||
| CVE-2020-22000 | 1 Homeautomation Project | 1 Homeautomation | 2021-05-06 | 8.5 HIGH | 8.0 HIGH |
| HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function. | |||||
| CVE-2021-30166 | 1 Meritlilin | 82 P2g1022, P2g1022 Firmware, P2g1022x and 79 more | 2021-05-05 | 9.0 HIGH | 7.2 HIGH |
| The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logging in with the privileged permission. | |||||