Search Results (6780 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-27449 1 Mesalabs 1 Amegaview 2024-11-21 9.9 Critical
Mesa Labs AmegaView Versions 3.0 and prior has a command injection vulnerability that can be exploited to execute commands in the web server.
CVE-2021-27447 1 Mesalabs 1 Amegaview 2024-11-21 10 Critical
Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, which may allow an attacker to remotely execute arbitrary code.
CVE-2021-27290 4 Oracle, Redhat, Siemens and 1 more 6 Graalvm, Enterprise Linux, Rhel Eus and 3 more 2024-11-21 7.5 High
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
CVE-2021-27185 1 Samba-client Project 1 Samba-client 2024-11-21 9.8 Critical
The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.
CVE-2021-26931 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-11-21 5.5 Medium
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
CVE-2021-26728 1 Lannerinc 2 Iac-ast2500a, Iac-ast2500a Firmware 2024-11-21 10 Critical
Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
CVE-2021-26576 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2024-11-21 7.8 High
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function.
CVE-2021-26321 1 Amd 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more 2024-11-21 5.5 Medium
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
CVE-2021-26311 1 Amd 65 Epyc 7232p, Epyc 7251, Epyc 7252 and 62 more 2024-11-21 7.2 High
In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.
CVE-2021-26275 1 Eslint-fixer Project 1 Eslint-fixer 2024-11-21 9.8 Critical
The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted
CVE-2021-25812 1 Chinamobile 2 An Lianbao Wf-1, An Lianbao Wf-1 Firmware 2024-11-21 9.8 Critical
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.
CVE-2021-25671 1 Siemens 6 Rwg1.m12, Rwg1.m12 Firmware, Rwg1.m12d and 3 more 2024-11-21 4.3 Medium
A vulnerability has been identified in RWG1.M12 (All versions < V1.16.16), RWG1.M12D (All versions < V1.16.16), RWG1.M8 (All versions < V1.16.16). Sending specially crafted ARP packets to an affected device could cause a partial denial-of-service, preventing the device to operate normally. A restart is needed to restore normal operations.
CVE-2021-25666 1 Siemens 4 Scalance W740, Scalance W740 Firmware, Scalance W780 and 1 more 2024-11-21 4.3 Medium
A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time.
CVE-2021-25423 1 Samsung 1 Watch Active2 Plugin 2024-11-21 5.5 Medium
Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.
CVE-2021-25422 1 Samsung 1 Watch Active Plugin 2024-11-21 5.5 Medium
Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
CVE-2021-25421 1 Samsung 1 Galaxy Watch 3 Plugin 2024-11-21 5.5 Medium
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
CVE-2021-25420 1 Samsung 1 Galaxy Watch Plugin 2024-11-21 5.5 Medium
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
CVE-2021-25173 2 Opendesign, Siemens 4 Drawings Software Development Kit, Comos, Jt2go and 1 more 2024-11-21 7.8 High
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25172 1 Hpe 2 Apollo 70 System, Baseboard Management Controller 2024-11-21 7.8 High
The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function.
CVE-2021-24033 1 Facebook 1 React-dev-utils 2024-11-21 5.6 Medium
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.