• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-78

CVE-2021-45602

February 23, 2023 by

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.

CVE-2021-44981

February 23, 2023 by

In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(”); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by default attackers can use the sudo command within this shell_exec(”); function, which allows for privilege escalation by means of RCE.

CVE-2021-44827

February 23, 2023 by

There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges.

CVE-2021-44684

February 23, 2023 by

naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function.

CVE-2021-44685

February 23, 2023 by

Git-it through 4.4.0 allows OS command injection at the Branches Aren’t Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).

CVE-2021-44453

February 23, 2023 by

mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 214
  • Go to page 215
  • Go to page 216
  • Go to page 217
  • Go to page 218
  • Interim pages omitted …
  • Go to page 342
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE