Total
4573 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3577 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-11-21 | 8.8 High |
| An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. | ||||
| CVE-2021-3515 | 1 2ndquadrant | 1 Pglogical | 2024-11-21 | 6.7 Medium |
| A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription(). | ||||
| CVE-2021-3459 | 1 Motorola | 2 Mm1000, Mm1000 Firmware | 2024-11-21 | 6.8 Medium |
| A privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell access and/or arbitrary privileged commands to be executed on the adapter. | ||||
| CVE-2021-3342 | 1 Eprints | 1 Eprints | 2024-11-21 | 9.8 Critical |
| EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. | ||||
| CVE-2021-3317 | 1 Klogserver | 1 Klog Server | 2024-11-21 | 8.8 High |
| KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter. | ||||
| CVE-2021-3291 | 1 Zen-cart | 1 Zen Cart | 2024-11-21 | 7.2 High |
| Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. | ||||
| CVE-2021-3198 | 1 Ivanti | 1 Mobileiron | 2024-11-21 | 6.5 Medium |
| By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | ||||
| CVE-2021-3190 | 1 Async-git Project | 1 Async-git | 2024-11-21 | 9.8 Critical |
| The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. | ||||
| CVE-2021-3149 | 1 Netshieldcorp | 2 Nano 25, Nano 25 Firmware | 2024-11-21 | 7.2 High |
| On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely. | ||||
| CVE-2021-3122 | 1 Ncr | 1 Command Center Agent | 2024-11-21 | 9.8 Critical |
| CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor's position is that exploitation occurs only on devices with a certain "misconfiguration." | ||||
| CVE-2021-3061 | 1 Paloaltonetworks | 2 Pan-os, Prisma Access | 2024-11-21 | 6.4 Medium |
| An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 firewalls are impacted by this issue. | ||||
| CVE-2021-3060 | 1 Paloaltonetworks | 2 Pan-os, Prisma Access | 2024-11-21 | 8.1 High |
| An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue. | ||||
| CVE-2021-3059 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8.1 High |
| An OS command injection vulnerability in the Palo Alto Networks PAN-OS management interface exists when performing dynamic updates. This vulnerability enables a man-in-the-middle attacker to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 Preferred or Prisma Access 2.1 Innovation firewalls are impacted by this issue. | ||||
| CVE-2021-3058 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8.8 High |
| An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. This issue does not impact Prisma Access firewalls. | ||||
| CVE-2021-3050 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8.8 High |
| An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10; PAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions; PAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1. Prisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue. | ||||
| CVE-2021-3029 | 1 Evolucare | 1 Ecs Imaging | 2024-11-21 | 9.8 Critical |
| EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-39826 | 2 Adobe, Apple | 2 Digital Editions, Macos | 2024-11-21 | 8.6 High |
| Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file. | ||||
| CVE-2021-39474 | 1 Ubeeinteractive | 2 Ubc1319, Ubc1319 Firmware | 2024-11-21 | 7.2 High |
| Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device. | ||||
| CVE-2021-39459 | 1 Redaxo | 1 Redaxo | 2024-11-21 | 7.2 High |
| Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code. | ||||
| CVE-2021-39279 | 1 Moxa | 24 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 21 more | 2024-11-21 | 8.8 High |
| Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3. | ||||