Total
3597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34722 | 1 Cisco | 44 8101-32fh, 8101-32h, 8102-64h and 41 more | 2023-11-07 | 7.2 HIGH | 6.7 MEDIUM |
| Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34721 | 1 Cisco | 44 8101-32fh, 8101-32h, 8102-64h and 41 more | 2023-11-07 | 6.9 MEDIUM | 6.7 MEDIUM |
| Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34719 | 1 Cisco | 46 8101-32fh, 8101-32h, 8102-64h and 43 more | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34710 | 1 Cisco | 6 Ata 190, Ata 190 Firmware, Ata 191 and 3 more | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-33554 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33553 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33552 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33551 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33550 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33548 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33544 | 1 Geutebrueck | 32 G-cam Ebc-2110, G-cam Ebc-2110 Firmware, G-cam Ebc-2111 and 29 more | 2023-11-07 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple camera devices by UDP Technology, Geutebrück and other vendors are vulnerable to command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2021-33191 | 1 Apache | 1 Nifi Minifi C\+\+ | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0 | |||||
| CVE-2021-32830 | 1 Haikuforteams | 1 Diez | 2023-11-07 | 6.8 MEDIUM | 7.0 HIGH |
| The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. All versions of this package are vulnerable as of the writing of this CVE. | |||||
| CVE-2021-32749 | 2 Fail2ban, Fedoraproject | 2 Fail2ban, Fedora | 2023-11-07 | 6.8 MEDIUM | 8.1 HIGH |
| fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from mailutils package used in mail actions like `mail-whois` can execute command if unescaped sequences (`\n~`) are available in "foreign" input (for instance in whois output). To exploit the vulnerability, an attacker would need to insert malicious characters into the response sent by the whois server, either via a MITM attack or by taking over a whois server. The issue is patched in versions 0.10.7 and 0.11.3. As a workaround, one may avoid the usage of action `mail-whois` or patch the vulnerability manually. | |||||
| CVE-2021-31854 | 1 Mcafee | 1 Agent | 2023-11-07 | 9.3 HIGH | 7.8 HIGH |
| A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges. | |||||
| CVE-2021-31838 | 1 Mcafee | 1 Mvision Edr | 2023-11-07 | 9.0 HIGH | 9.1 CRITICAL |
| A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | |||||
| CVE-2021-29369 | 1 Gnuplot Project | 1 Gnuplot | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands. | |||||
| CVE-2021-27692 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input. | |||||
| CVE-2021-27691 | 1 Tendacn | 6 G0, G0 Firmware, G1 and 3 more | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input. | |||||
| CVE-2021-22502 | 1 Microfocus | 1 Operation Bridge Reporter | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server. | |||||