Total
3673 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43266 | 1 Mahara | 1 Mahara | 2022-05-03 | 4.6 MEDIUM | 7.3 HIGH |
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. Additional, in Mahara before 20.10.4, 21.04.3, and 21.10.1, exporting collections via PDF export could cause code execution | |||||
CVE-2021-30233 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter. | |||||
CVE-2021-30229 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter. | |||||
CVE-2021-25167 | 1 Arubanetworks | 1 Airwave | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
CVE-2021-30232 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter. | |||||
CVE-2021-22125 | 1 Fortinet | 1 Fortisandbox | 2022-05-03 | 9.0 HIGH | 7.2 HIGH |
An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file. | |||||
CVE-2021-30234 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter. | |||||
CVE-2020-36378 | 1 Aaptjs Project | 1 Aaptjs | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2021-29003 | 1 Genexis | 2 Platinum 4410, Platinum 4410 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI. | |||||
CVE-2021-30231 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter. | |||||
CVE-2020-25755 | 1 Enphase | 2 Envoy, Envoy Firmware | 2022-05-03 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter. | |||||
CVE-2020-36377 | 1 Aaptjs Project | 1 Aaptjs | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2021-30230 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. | |||||
CVE-2021-31698 | 1 Quectel | 2 Eg25-g, Eg25-g Firmware | 2022-05-03 | 10.0 HIGH | 9.8 CRITICAL |
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon. | |||||
CVE-2020-21935 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary code. | |||||
CVE-2020-36376 | 1 Aaptjs Project | 1 Aaptjs | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2021-30228 | 1 Chinamobile | 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter. | |||||
CVE-2020-36379 | 1 Aaptjs Project | 1 Aaptjs | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | |||||
CVE-2020-26772 | 1 Ppgo Jobs Project | 1 Ppgo Jobs | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function. | |||||
CVE-2020-36381 | 1 Aaptjs Project | 1 Aaptjs | 2022-05-03 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. |