CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2021-28480 Exec Code 2021-04-13 2021-04-14
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28481, CVE-2021-28482, CVE-2021-28483.
402 CVE-2021-28151 78 2021-05-06 2021-05-13
9.0
None Remote Low ??? Complete Complete Complete
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
403 CVE-2021-28144 77 2021-03-11 2021-04-23
9.0
None Remote Low ??? Complete Complete Complete
prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely.
404 CVE-2021-27944 77 Exec Code 2021-08-26 2021-09-01
10.0
None Remote Low Not required Complete Complete Complete
Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. The specific attack methodology is a file upload.
405 CVE-2021-27928 78 Exec Code Sql 2021-03-19 2021-05-26
9.0
None Remote Low ??? Complete Complete Complete
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
406 CVE-2021-27878 287 Exec Code +Priv 2021-03-01 2021-03-08
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.
407 CVE-2021-27850 502 Exec Code Bypass 2021-04-15 2021-06-02
10.0
None Remote Low Not required Complete Complete Complete
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL. An attacker was able to download the file `AppModule.class` by requesting the URL `http://localhost:8080/assets/something/services/AppModule.class` which contains a HMAC secret key. The fix for that bug was a blacklist filter that checks if the URL ends with `.class`, `.properties` or `.xml`. Bypass: Unfortunately, the blacklist solution can simply be bypassed by appending a `/` at the end of the URL: `http://localhost:8080/assets/something/services/AppModule.class/` The slash is stripped after the blacklist check and the file `AppModule.class` is loaded into the response. This class usually contains the HMAC secret key which is used to sign serialized Java objects. With the knowledge of that key an attacker can sign a Java gadget chain that leads to RCE (e.g. CommonsBeanUtils1 from ysoserial). Solution for this vulnerability: * For Apache Tapestry 5.4.0 to 5.6.1, upgrade to 5.6.2 or later. * For Apache Tapestry 5.7.0, upgrade to 5.7.1 or later.
408 CVE-2021-27710 78 Exec Code 2021-04-14 2021-04-21
10.0
None Remote Low Not required Complete Complete Complete
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "ip" parameter is directly passed to the attacker, allowing them to control the "ip" field to attack the OS.
409 CVE-2021-27708 78 Exec Code 2021-04-14 2021-04-21
10.0
None Remote Low Not required Complete Complete Complete
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request. This occurs because the function executes glibc's system function with untrusted input. In the function, "command" parameter is directly passed to the attacker, allowing them to control the "command" field to attack the OS.
410 CVE-2021-27692 78 Exec Code 2021-04-16 2021-04-23
10.0
None Remote Low Not required Complete Complete Complete
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request. This occurs because the "formSetUSBPartitionUmount" function executes the "doSystemCmd" function with untrusted input.
411 CVE-2021-27691 78 Exec Code 2021-04-16 2021-04-23
10.0
None Remote Low Not required Complete Complete Complete
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request. This occurs because the "formSetDebugCfg" function executes glibc's system function with untrusted input.
412 CVE-2021-27663 863 2021-08-30 2021-09-07
9.3
None Remote Medium Not required Complete Complete Complete
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5.
413 CVE-2021-27561 77 2021-10-15 2021-10-21
10.0
None Remote Low Not required Complete Complete Complete
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
414 CVE-2021-27556 78 Exec Code 2021-08-31 2021-09-03
9.0
None Remote Low ??? Complete Complete Complete
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.
415 CVE-2021-27452 798 2021-03-25 2021-03-29
10.0
None Remote Low Not required Complete Complete Complete
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).
416 CVE-2021-27391 120 Exec Code Overflow 2021-09-14 2021-09-28
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.
417 CVE-2021-27372 522 Exec Code 2021-03-25 2021-03-30
10.0
None Remote Low Not required Complete Complete Complete
Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands.
418 CVE-2021-27329 918 2021-02-18 2021-02-26
10.0
None Remote Low Not required Complete Complete Complete
Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.
419 CVE-2021-27274 434 Exec Code 2021-03-29 2021-03-30
10.0
None Remote Low Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124.
420 CVE-2021-27273 78 Exec Code Bypass 2021-03-29 2021-03-30
9.0
None Remote Low ??? Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. When parsing the fileName parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12121.
421 CVE-2021-27245 693 Exec Code Bypass 2021-03-29 2021-04-01
9.3
None Remote Medium Not required Complete Complete Complete
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SSH connections. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-12309.
422 CVE-2021-27198 434 Exec Code 2021-02-26 2021-09-14
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system.
423 CVE-2021-27171 787 2021-02-10 2021-02-12
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux telnetd as root on port 26/tcp by using the CLI interface commands of ddd and shell (or tshell).
424 CVE-2021-27113 78 2021-04-14 2021-04-20
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Injection via Shell Metacharacters.
425 CVE-2021-27104 78 Exec Code 2021-02-16 2021-02-17
10.0
None Remote Low Not required Complete Complete Complete
Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. The fixed version is FTA_9_12_380 and later.
426 CVE-2021-27084 Exec Code 2021-03-11 2021-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
427 CVE-2021-27083 Exec Code 2021-03-11 2021-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
428 CVE-2021-27082 Exec Code 2021-03-11 2021-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability
429 CVE-2021-27081 Exec Code 2021-03-11 2021-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Visual Studio Code ESLint Extension Remote Code Execution Vulnerability
430 CVE-2021-27070 269 2021-03-11 2021-03-24
9.3
None Remote Medium Not required Complete Complete Complete
Windows 10 Update Assistant Elevation of Privilege Vulnerability
431 CVE-2021-27058 Exec Code 2021-03-11 2021-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office ClickToRun Remote Code Execution Vulnerability
432 CVE-2021-27031 416 2021-04-19 2021-09-16
9.3
None Remote Medium Not required Complete Complete Complete
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.
433 CVE-2021-27030 22 Exec Code Dir. Trav. 2021-04-19 2021-09-16
9.3
None Remote Medium Not required Complete Complete Complete
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.
434 CVE-2021-26990 862 2021-03-19 2021-03-23
9.4
None Remote Low Not required None Complete Complete
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a remote attacker to overwrite arbitrary system files.
435 CVE-2021-26963 Exec Code 2021-03-05 2021-03-11
9.0
None Remote Low ??? Complete Complete Complete
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.
436 CVE-2021-26962 77 Exec Code 2021-03-05 2021-03-11
9.0
None Remote Low ??? Complete Complete Complete
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to full system compromise.
437 CVE-2021-26915 502 Exec Code 2021-02-08 2021-02-24
9.3
None Remote Medium Not required Complete Complete Complete
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet.
438 CVE-2021-26914 502 Exec Code 2021-02-08 2021-05-21
9.3
None Remote Medium Not required Complete Complete Complete
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.
439 CVE-2021-26913 502 Exec Code 2021-02-08 2021-02-23
9.3
None Remote Medium Not required Complete Complete Complete
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet.
440 CVE-2021-26912 502 Exec Code 2021-02-08 2021-02-23
9.3
None Remote Medium Not required Complete Complete Complete
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.
441 CVE-2021-26897 Exec Code 2021-03-11 2021-09-13
10.0
None Remote Low Not required Complete Complete Complete
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895.
442 CVE-2021-26895 Exec Code 2021-03-11 2021-03-18
10.0
None Remote Low Not required Complete Complete Complete
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26897.
443 CVE-2021-26894 Exec Code 2021-03-11 2021-09-13
10.0
None Remote Low Not required Complete Complete Complete
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26895, CVE-2021-26897.
444 CVE-2021-26810 94 2021-03-30 2021-04-06
10.0
None Remote Low Not required Complete Complete Complete
D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. An HTTP request parameter can be used in command string construction in the handler function of the /goform/dir_setWanWifi, which can lead to command injection via shell metacharacters in the statuscheckpppoeuser parameter.
445 CVE-2021-26758 269 Exec Code +Priv 2021-04-07 2021-04-12
9.0
None Remote Low ??? Complete Complete Complete
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.
446 CVE-2021-26754 89 Sql 2021-02-08 2021-02-09
10.0
None Remote Low Not required Complete Complete Complete
wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.
447 CVE-2021-26747 78 Exec Code 2021-02-18 2021-02-24
10.0
None Remote Low Not required Complete Complete Complete
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.
448 CVE-2021-26724 78 Exec Code 2021-02-22 2021-02-26
9.0
None Remote Low ??? Complete Complete Complete
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. This issue affects: Nozomi Networks Guardian 20.0.7.3 version 20.0.7.3 and prior versions. Nozomi Networks CMC 20.0.7.3 version 20.0.7.3 and prior versions.
449 CVE-2021-26709 787 Overflow 2021-04-07 2021-04-20
10.0
None Remote Low Not required Complete Complete Complete
** UNSUPPORTED WHEN ASSIGNED ** D-Link DSL-320B-D1 devices through EU_1.25 are prone to multiple Stack-Based Buffer Overflows that allow unauthenticated remote attackers to take over a device via the login.xgi user and pass parameters. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
450 CVE-2021-26684 77 Exec Code 2021-02-23 2021-02-27
9.0
None Remote Low ??? Complete Complete Complete
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.