Total
4937 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34614 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.3 Medium |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2021-34613 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.3 Medium |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2021-34612 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.3 Medium |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2021-34611 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2021-34610 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 7.2 High |
| A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2021-34602 | 1 Bender | 4 Cc612, Cc612 Firmware, Cc613 and 1 more | 2024-11-21 | 8.8 High |
| In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. | ||||
| CVE-2021-34362 | 1 Qnap | 3 Media Streaming Add-on, Qts, Quts Hero | 2024-11-21 | 8.7 High |
| A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.5.4: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later QTS 4.3.6: Media Streaming add-on 430.1.8.12 ( 2021/08/20 ) and later QTS 4.3.3: Media Streaming add-on 430.1.8.12 ( 2021/09/29 ) and later QuTS-Hero 5.0.0: Media Streaming add-on 500.0.0.3 ( 2021/08/20 ) and later | ||||
| CVE-2021-34352 | 1 Qnap | 1 Qvr | 2024-11-21 | 7.2 High |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210902 and later | ||||
| CVE-2021-34351 | 1 Qnap | 1 Qvr | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | ||||
| CVE-2021-34349 | 1 Qnap | 1 Qvr | 2024-11-21 | 7.2 High |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | ||||
| CVE-2021-34348 | 1 Qnap | 1 Qvr | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | ||||
| CVE-2021-34111 | 1 Thecus | 2 N4800eco, N4800eco Firmware | 2024-11-21 | 9.8 Critical |
| Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php. | ||||
| CVE-2021-34084 | 1 S3-uploader Project | 1 S3-uploader | 2024-11-21 | 9.8 Critical |
| OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function. | ||||
| CVE-2021-34083 | 1 Google-it Project | 1 Google-it | 2024-11-21 | 8.1 High |
| Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially exposing the server to RCE. | ||||
| CVE-2021-34082 | 1 Proctree Project | 1 Proctree | 2024-11-21 | 9.8 Critical |
| OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function. | ||||
| CVE-2021-34081 | 1 Gitsome Project | 1 Gitsome | 2024-11-21 | 8.8 High |
| OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository. | ||||
| CVE-2021-34080 | 1 Ssl-utils Project | 1 Ssl-utils | 2024-11-21 | 9.8 Critical |
| OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions. | ||||
| CVE-2021-34079 | 1 Docker-tester Project | 1 Docker-tester | 2024-11-21 | 9.8 Critical |
| OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file. | ||||
| CVE-2021-34078 | 1 Adp | 1 Lifion-verifiy-dependencies | 2024-11-21 | 8.8 High |
| lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file. | ||||
| CVE-2021-33962 | 1 Chinamobileltd | 2 An Lianbao Wf-1, An Lianbao Wf Firmware-1 | 2024-11-21 | 9.8 Critical |
| China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. | ||||