ReportizFlow
Filtered by vendor
Subscriptions
Total
2191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44620 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 9.8 Critical |
| A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. | ||||
| CVE-2021-44520 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 8.8 High |
| In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. | ||||
| CVE-2021-44247 | 1 Totolink | 6 A3100r, A3100r Firmware, A720r and 3 more | 2024-11-21 | 9.8 Critical |
| Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter. | ||||
| CVE-2021-44132 | 1 C-data Onu4ferw Project | 2 C-data Onu4ferw, C-data Onu4ferw Firmware | 2024-11-21 | 7.8 High |
| A command injection vulnerability in the function formImportOMCIShell of C-DATA ONU4FERW V2.1.13_X139 allows attackers to execute arbitrary commands via a crafted file. | ||||
| CVE-2021-44079 | 1 Wazuh | 1 Wazuh | 2024-11-21 | 9.8 Critical |
| In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. | ||||
| CVE-2021-44051 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 8.8 High |
| A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later | ||||
| CVE-2021-43818 | 6 Debian, Fedoraproject, Lxml and 3 more | 16 Debian Linux, Fedora, Lxml and 13 more | 2024-11-21 | 8.2 High |
| lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. | ||||
| CVE-2021-43711 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2024-11-21 | 9.8 Critical |
| The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution. | ||||
| CVE-2021-43664 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 8.1 High |
| totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. | ||||
| CVE-2021-43663 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 7.5 High |
| totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. | ||||
| CVE-2021-43589 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Xt Operating Environment, Emc Unityvsa Operating Environment | 2024-11-21 | 6 Medium |
| Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. | ||||
| CVE-2021-43557 | 1 Apache | 1 Apisix | 2024-11-21 | 7.5 High |
| The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains "^/internal/", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer's custom plugin. | ||||
| CVE-2021-43474 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 9.8 Critical |
| An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function | ||||
| CVE-2021-43469 | 1 Vinga | 2 Wr-n300u, Wr-n300u Firmware | 2024-11-21 | 8.8 High |
| VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. | ||||
| CVE-2021-43339 | 1 Ericsson | 1 Network Location | 2024-11-21 | 8.8 High |
| In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created. | ||||
| CVE-2021-43319 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. | ||||
| CVE-2021-43286 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 8.8 High |
| An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code. | ||||
| CVE-2021-43163 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. | ||||
| CVE-2021-43162 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose. | ||||
| CVE-2021-43161 | 1 Ruijienetworks | 6 Reyeeos, Rg-ew1200, Rg-ew1200g Pro and 3 more | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. | ||||