Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46315 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2022-02-25 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters to cause arbitrary command execution. Since CVE-2019-17510 vulnerability has not been patched and improved www/hnap1/control/setwizardconfig.php, can also use line breaks and backquotes to bypass. | |||||
| CVE-2022-22945 | 1 Vmware | 2 Cloud Foundation, Nsx Data Center | 2022-02-24 | 7.2 HIGH | 7.8 HIGH |
| VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root. | |||||
| CVE-2017-14535 | 1 Netfortris | 1 Trixbox | 2022-02-19 | 9.0 HIGH | 8.8 HIGH |
| trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. | |||||
| CVE-2021-26616 | 1 Secuwiz | 1 Secuwayssl U | 2022-02-15 | 7.5 HIGH | 9.8 CRITICAL |
| An OS command injection was found in SecuwaySSL, when special characters injection on execute command with runCommand arguments. | |||||
| CVE-2022-23611 | 1 Itunesrpc-remastered Project | 1 Itunesrpc-remastered | 2022-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users are advised to upgrade. | |||||
| CVE-2021-20639 | 1 Logitech | 2 Lan-w300n\/pgrb, Lan-w300n\/pgrb Firmware | 2022-02-10 | 7.7 HIGH | 6.8 MEDIUM |
| LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2021-20638 | 1 Logitech | 2 Lan-w300n\/pgrb, Lan-w300n\/pgrb Firmware | 2022-02-10 | 7.7 HIGH | 6.8 MEDIUM |
| LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-5173 | 1 Geutebrueck | 2 Ip Camera G-cam Efd-2250, Ip Camera G-cam Efd-2250 Firmware | 2022-02-10 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution. | |||||
| CVE-2019-18184 | 1 Crestron | 2 Dmc-stro, Dmc-stro Firmware | 2022-02-10 | 10.0 HIGH | 9.8 CRITICAL |
| Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. | |||||
| CVE-2021-29393 | 1 Globalnorthstar | 1 Northstar Club Management | 2022-02-09 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters. | |||||
| CVE-2022-0365 | 1 Riconmobile | 4 S9922l, S9922l Firmware, S9922xl and 1 more | 2022-02-09 | 10.0 HIGH | 9.8 CRITICAL |
| The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user. | |||||
| CVE-2021-43073 | 1 Fortinet | 1 Fortiweb | 2022-02-07 | 6.5 MEDIUM | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | |||||
| CVE-2021-41018 | 1 Fortinet | 1 Fortiweb | 2022-02-04 | 9.0 HIGH | 8.8 HIGH |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | |||||
| CVE-2021-37531 | 1 Sap | 1 Netweaver Knowledge Management Xml Forms | 2022-02-02 | 9.0 HIGH | 8.8 HIGH |
| SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system. | |||||
| CVE-2021-32849 | 1 Gerapy | 1 Gerapy | 2022-02-02 | 9.0 HIGH | 8.8 HIGH |
| Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds. | |||||
| CVE-2021-36295 | 1 Dell | 9 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 6 more | 2022-01-31 | 9.0 HIGH | 7.2 HIGH |
| Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. | |||||
| CVE-2021-36296 | 1 Dell | 9 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 6 more | 2022-01-31 | 9.0 HIGH | 7.2 HIGH |
| Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system. | |||||
| CVE-2021-43589 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Xt Operating Environment, Emc Unityvsa Operating Environment | 2022-01-28 | 7.2 HIGH | 6.7 MEDIUM |
| Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. | |||||
| CVE-2021-33962 | 1 Chinamobileltd | 2 An Lianbao Wf-1, An Lianbao Wf Firmware-1 | 2022-01-25 | 10.0 HIGH | 9.8 CRITICAL |
| China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. | |||||
| CVE-2021-38965 | 1 Ibm | 1 Filenet Content Manager | 2022-01-22 | 9.0 HIGH | 8.8 HIGH |
| IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 212346. | |||||