Total
3673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4222 | 1 Ibm | 1 Spectrum Protect | 2022-01-01 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175091. | |||||
| CVE-2020-15922 | 1 Midasolutions | 1 Eframework | 2022-01-01 | 10.0 HIGH | 9.8 CRITICAL |
| There is an OS Command Injection in Mida eFramework 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. Authentication is required. | |||||
| CVE-2021-32305 | 1 Websvn | 1 Websvn | 2022-01-01 | 10.0 HIGH | 9.8 CRITICAL |
| WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. | |||||
| CVE-2020-8654 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-12-30 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/module_frame/index.php autodiscovery.php target field. | |||||
| CVE-2021-22657 | 1 Myscada | 1 Mypro | 2021-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-23198 | 1 Myscada | 1 Mypro | 2021-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-43981 | 1 Myscada | 1 Mypro | 2021-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2021-43984 | 1 Myscada | 1 Mypro | 2021-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | |||||
| CVE-2020-19316 | 2 Laravel, Microsoft | 2 Framework, Windows | 2021-12-22 | 6.8 MEDIUM | 8.8 HIGH |
| OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17. | |||||
| CVE-2020-13448 | 1 Quickbox | 1 Quickbox | 2021-12-13 | 9.0 HIGH | 8.8 HIGH |
| QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter. | |||||
| CVE-2021-42759 | 1 Fortinet | 2 Meru, Meru Firmware | 2021-12-13 | 7.2 HIGH | 6.7 MEDIUM |
| A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands. | |||||
| CVE-2021-20144 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-20143 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-20142 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-20141 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-20140 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-20139 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the controller_server service on Gryphon Tower routers. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the controller_server service on port 9999. | |||||
| CVE-2021-20138 | 1 Gryphonconnect | 2 Gryphon Tower, Gryphon Tower Firmware | 2021-12-13 | 8.3 HIGH | 8.8 HIGH |
| An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Tower router’s web interface at /cgi-bin/luci/rc. An unauthenticated remote attacker on the same network can execute commands as root on the device by sending a specially crafted malicious packet to the web interface. | |||||
| CVE-2021-20044 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2021-12-10 | 9.0 HIGH | 8.8 HIGH |
| A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
| CVE-2021-36195 | 1 Fortinet | 1 Fortiweb | 2021-12-10 | 9.0 HIGH | 8.8 HIGH |
| Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments. | |||||