Total
4566 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34349 | 1 Qnap | 1 Qvr | 2024-11-21 | 7.2 High |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | ||||
| CVE-2021-34348 | 1 Qnap | 1 Qvr | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.5 build 20210803 and later | ||||
| CVE-2021-34111 | 1 Thecus | 2 N4800eco, N4800eco Firmware | 2024-11-21 | 9.8 Critical |
| Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php. | ||||
| CVE-2021-34084 | 1 S3-uploader Project | 1 S3-uploader | 2024-11-21 | 9.8 Critical |
| OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function. | ||||
| CVE-2021-34083 | 1 Google-it Project | 1 Google-it | 2024-11-21 | 8.1 High |
| Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially exposing the server to RCE. | ||||
| CVE-2021-34082 | 1 Proctree Project | 1 Proctree | 2024-11-21 | 9.8 Critical |
| OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function. | ||||
| CVE-2021-34081 | 1 Gitsome Project | 1 Gitsome | 2024-11-21 | 8.8 High |
| OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository. | ||||
| CVE-2021-34080 | 1 Ssl-utils Project | 1 Ssl-utils | 2024-11-21 | 9.8 Critical |
| OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions. | ||||
| CVE-2021-34079 | 1 Docker-tester Project | 1 Docker-tester | 2024-11-21 | 9.8 Critical |
| OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file. | ||||
| CVE-2021-34078 | 1 Adp | 1 Lifion-verifiy-dependencies | 2024-11-21 | 8.8 High |
| lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file. | ||||
| CVE-2021-33962 | 1 Chinamobileltd | 2 An Lianbao Wf-1, An Lianbao Wf Firmware-1 | 2024-11-21 | 9.8 Critical |
| China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. | ||||
| CVE-2021-33841 | 1 Circutor | 2 Sge-plc1000, Sge-plc1000 Firmware | 2024-11-21 | 10 Critical |
| SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. | ||||
| CVE-2021-33827 | 1 Owncloud | 1 Files Antivirus | 2024-11-21 | 7.2 High |
| The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. | ||||
| CVE-2021-33721 | 1 Siemens | 1 Sinec Network Management System | 2024-11-21 | 7.2 High |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges. | ||||
| CVE-2021-33633 | 2024-11-21 | 7.3 High | ||
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program files ceres/function/util.Py. This issue affects aops-ceres: from 1.3.0 through 1.4.1. | ||||
| CVE-2021-33554 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-11-21 | 7.2 High |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2021-33553 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-11-21 | 7.2 High |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2021-33552 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-11-21 | 7.2 High |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2021-33551 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-11-21 | 7.2 High |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2021-33550 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2024-11-21 | 7.2 High |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | ||||