Total
4869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32692 | 2 Activitywatch, Apple | 2 Activitywatch, Macos | 2024-11-21 | N/A | 9.6 CRITICAL |
| Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visiting a website with the page title set to a malicious string. An attacker could use another application to accomplish the same, but the web browser is the most likely attack vector. This issue is patched in version 0.11.0. As a workaround, users can run the latest version of aw-watcher-window from source, or manually patch the `printAppTitle.scpt` file. | |||||
| CVE-2021-32682 | 1 Std42 | 1 Elfinder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication. | |||||
| CVE-2021-32673 | 1 Reg-keygen-git-hash Project | 1 Reg-keygen-git-hash | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue. | |||||
| CVE-2021-32605 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | |||||
| CVE-2021-32556 | 1 Canonical | 1 Apport | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. | |||||
| CVE-2021-32534 | 1 Qsan | 1 Sanos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0. | |||||
| CVE-2021-32533 | 1 Qsan | 1 Sanos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0. | |||||
| CVE-2021-32531 | 1 Qsan | 1 Xevo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OS command injection vulnerability in Init function in QSAN XEVO allows remote attackers to execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0. | |||||
| CVE-2021-32530 | 1 Qsan | 1 Xevo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0. | |||||
| CVE-2021-32524 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document. | |||||
| CVE-2021-32513 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| QsanTorture in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-32512 | 1 Qsan | 1 Storage Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| QuickInstall in QSAN Storage Manager does not filter special parameters properly that allows remote unauthenticated attackers to inject and execute arbitrary commands. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-32475 | 1 Moodle | 1 Moodle | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | |||||
| CVE-2021-32305 | 1 Websvn | 1 Websvn | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. | |||||
| CVE-2021-32090 | 1 Localstack | 1 Localstack | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter. | |||||
| CVE-2021-31915 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. | |||||
| CVE-2021-31891 | 2 Debian, Siemens | 6 Debian Linux, Desigo Cc, Gma-manager and 3 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges. | |||||
| CVE-2021-31854 | 1 Mcafee | 1 Agent | 2024-11-21 | 9.3 HIGH | 7.7 HIGH |
| A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges. | |||||
| CVE-2021-31838 | 1 Mcafee | 1 Mvision Edr | 2024-11-21 | 9.0 HIGH | 8.4 HIGH |
| A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | |||||
| CVE-2021-31799 | 3 Debian, Oracle, Ruby-lang | 4 Debian Linux, Jd Edwards Enterpriseone Tools, Rdoc and 1 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. | |||||