Filtered by vendor
Subscriptions
Total
2191 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-45539 | 1 Netgear | 24 Mr60, Mr60 Firmware, Ms60 and 21 more | 2024-11-21 | 8.4 High |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.28, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.28, and RAX75 before 1.0.3.106. | ||||
CVE-2021-45538 | 1 Netgear | 16 Rax75, Rax75 Firmware, Rax80 and 13 more | 2024-11-21 | 8.4 High |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. | ||||
CVE-2021-45537 | 1 Netgear | 17 Rax200, Rax200 Firmware, Rax75 and 14 more | 2024-11-21 | 8.4 High |
Certain NETGEAR devices are affected by command injection by an authenticated user . This affects RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. | ||||
CVE-2021-45536 | 1 Netgear | 16 Rax75, Rax75 Firmware, Rax80 and 13 more | 2024-11-21 | 8.4 High |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. | ||||
CVE-2021-45535 | 1 Netgear | 17 Rax200, Rax200 Firmware, Rax75 and 14 more | 2024-11-21 | 8.4 High |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.3.106, RAX80 before 1.0.3.106, RAX75 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6. | ||||
CVE-2021-45534 | 1 Netgear | 34 Ac2100, Ac2100 Firmware, Ac2400 and 31 more | 2024-11-21 | 7.8 High |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88. | ||||
CVE-2021-45533 | 1 Netgear | 18 Ex3700, Ex3700 Firmware, Ex3800 and 15 more | 2024-11-21 | 8.4 High |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9. | ||||
CVE-2021-45532 | 1 Netgear | 2 R8000, R8000 Firmware | 2024-11-21 | 6.7 Medium |
NETGEAR R8000 devices before 1.0.4.76 are affected by command injection by an authenticated user. | ||||
CVE-2021-45531 | 1 Netgear | 2 D6220, D6220 Firmware | 2024-11-21 | 7.1 High |
NETGEAR D6220 devices before 1.0.0.76 are affected by command injection by an authenticated user. | ||||
CVE-2021-45514 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2024-11-21 | 9.6 Critical |
NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. | ||||
CVE-2021-45513 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2024-11-21 | 9.6 Critical |
NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. | ||||
CVE-2021-45459 | 1 Node-windows Project | 1 Node-windows | 2024-11-21 | 9.8 Critical |
lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. | ||||
CVE-2021-45456 | 1 Apache | 1 Kylin | 2024-11-21 | 9.8 Critical |
Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. There is a mismatch between what is being checked and what is being used as the shell command argument in DiagnosisService. This may cause an illegal project name to pass the check and perform the following steps, resulting in a command injection vulnerability. This issue affects Apache Kylin 4.0.0. | ||||
CVE-2021-45444 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2024-11-21 | 7.8 High |
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. | ||||
CVE-2021-45401 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2024-11-21 | 9.8 Critical |
A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. The vulnerability is caused because the client controlled "deviceName" value is passed directly to the "doSystemCmd" function. | ||||
CVE-2021-45082 | 4 Cobbler Project, Fedoraproject, Opensuse and 1 more | 5 Cobbler, Fedora, Backports and 2 more | 2024-11-21 | 7.8 High |
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) | ||||
CVE-2021-44882 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-11-21 | 9.8 Critical |
D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | ||||
CVE-2021-44881 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-11-21 | 9.8 Critical |
D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | ||||
CVE-2021-44880 | 1 Dlink | 4 Dir-878, Dir-878 Firmware, Dir-882 and 1 more | 2024-11-21 | 9.8 Critical |
D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | ||||
CVE-2021-44735 | 1 Lexmark | 236 B2236, B2236 Firmware, B2338 and 233 more | 2024-11-21 | 9.8 Critical |
Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. |