CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities (CVSS score between 9 and 10)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
(Each entry's description follows on the indented line below it; "-" marks a cell that is empty on the page.)

151 | CVE-2021-21050 | 125 | - | Exec Code | 2021-02-11 | 2021-02-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

152 | CVE-2021-21049 | 125 | - | Exec Code | 2021-02-11 | 2021-02-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

153 | CVE-2021-21048 | 788 | - | Exec Code Mem. Corr. | 2021-02-11 | 2021-02-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

154 | CVE-2021-21047 | 787 | - | Exec Code | 2021-02-11 | 2021-02-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

155 | CVE-2021-21045 | 284 | - | - | 2021-02-11 | 2021-02-14 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user.

156 | CVE-2021-21044 | 787 | - | Exec Code | 2021-02-11 | 2021-02-14 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

157 | CVE-2021-21018 | 78 | - | Exec Code | 2021-02-11 | 2021-02-16 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the scheduled operation module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

158 | CVE-2021-21016 | 78 | - | Exec Code | 2021-02-11 | 2021-02-16 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

159 | CVE-2021-20991 | 78 | - | - | 2021-04-19 | 2021-04-23 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    In Fibaro Home Center 2 and Lite devices with firmware version 4.540 and older an authenticated user can run commands as root user using a command injection vulnerability.

160 | CVE-2021-20987 | 787 | - | DoS Mem. Corr. | 2021-02-16 | 2021-05-13 | 9.0 | None | Remote | Low | Not required | Partial | Partial | Complete
    A denial of service and memory corruption vulnerability was found in Hilscher EtherNet/IP Core V2 prior to V2.13.0.21 that may lead to code injection through network or make devices crash without recovery.

161 | CVE-2021-20711 | 78 | - | Exec Code | 2021-04-26 | 2021-04-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

162 | CVE-2021-20696 | 78 | - | Exec Code | 2021-04-26 | 2021-05-03 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbitrary OS commands by sending a specially crafted request to a specific CGI program.

163 | CVE-2021-20695 | 269 | - | +Priv | 2021-04-26 | 2021-05-03 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors.

164 | CVE-2021-20682 | 78 | - | Exec Code | 2021-03-26 | 2021-03-29 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    baserCMS versions prior to 4.4.5 allow a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.

165 | CVE-2021-20658 | 78 | - | Exec Code | 2021-02-24 | 2021-03-01 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.

166 | CVE-2021-20655 | 78 | - | Exec Code | 2021-02-17 | 2021-02-22 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.

167 | CVE-2021-20623 | 94 | - | Exec Code | 2021-02-05 | 2021-02-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    Video Insight VMS versions prior to 7.8 allow a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.

168 | CVE-2021-20618 | 269 | - | +Priv Bypass +Info | 2021-01-14 | 2021-01-26 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.

169 | CVE-2021-20617 | 269 | - | Exec Code +Priv +Info | 2021-01-14 | 2021-01-26 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.

170 | CVE-2021-20557 | 78 | - | Exec Code | 2021-05-24 | 2021-05-25 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 199184.

171 | CVE-2021-20385 | - | - | Exec Code | 2021-05-24 | 2021-05-25 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 195766.

172 | CVE-2021-20078 | 22 | - | DoS Dir. Trav. | 2021-04-01 | 2021-04-06 | 9.4 | None | Remote | Low | Not required | None | Complete | Complete
    Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in the spark gateway component. This allows a remote attacker to remotely delete any directory or directories on the OS.

173 | CVE-2021-20074 | 78 | - | Exec Code | 2021-02-16 | 2021-02-22 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.

174 | CVE-2021-20026 | 78 | - | - | 2021-05-27 | 2021-06-08 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions.

175 | CVE-2021-20020 | 287 | - | Exec Code | 2021-04-10 | 2021-04-15 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.

176 | CVE-2021-20017 | 78 | - | Exec Code | 2021-03-13 | 2021-03-19 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.

177 | CVE-2021-3466 | 120 | - | Overflow | 2021-03-25 | 2021-05-05 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

178 | CVE-2021-3331 | - | - | - | 2021-01-27 | 2021-02-04 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)

179 | CVE-2021-3291 | 78 | - | Exec Code | 2021-01-26 | 2021-03-09 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.

180 | CVE-2021-3273 | 94 | - | - | 2021-02-25 | 2021-03-02 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php component. To exploit this vulnerability, someone must have an admin user account in Nagios XI's web system.

181 | CVE-2021-3210 | 79 | - | Exec Code XSS | 2021-02-19 | 2021-02-25 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.

182 | CVE-2021-3191 | - | - | - | 2021-02-09 | 2021-02-26 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Access for T0320L01^ABY and T0320L01^ACD, T0952L01^AAR through T0952L01^AAX, and T0986L01^AAD through T0986L01^AAJ (L) and T0320H01^ABW through T0320H01^ACC, T0952H01^AAQ through T0952H01^AAW, and T0986H01^AAC through T0986H01^AAI (J and H).

183 | CVE-2021-3188 | 1236 | - | - | 2021-01-26 | 2021-02-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.

184 | CVE-2021-3149 | 78 | - | - | 2021-02-22 | 2021-04-15 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
    On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely.

185 | CVE-2021-3122 | 78 | - | Exec Code | 2021-02-07 | 2021-02-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter (within an XML document sent to port 8089) that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. NOTE: the vendor's position is that exploitation occurs only on devices with a certain "misconfiguration."

186 | CVE-2021-3120 | 434 | - | Exec Code | 2021-02-22 | 2021-03-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images.

187 | CVE-2021-3029 | 78 | - | - | 2021-01-07 | 2021-01-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    ** UNSUPPORTED WHEN ASSIGNED ** EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

188 | CVE-2021-1910 | 415 | - | - | 2021-05-07 | 2021-05-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
    Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.

189 | CVE-2021-1805 | 787 | - | Exec Code | 2021-04-02 | 2021-05-04 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.

190 | CVE-2021-1779 | - | - | Exec Code | 2021-04-02 | 2021-04-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges.

191 | CVE-2021-1767 | 119 | - | Overflow | 2021-04-02 | 2021-04-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption.

192 | CVE-2021-1763 | 120 | - | Exec Code Overflow | 2021-04-02 | 2021-04-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

193 | CVE-2021-1759 | 125 | - | Exec Code | 2021-04-02 | 2021-04-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

194 | CVE-2021-1758 | 125 | - | Exec Code | 2021-04-02 | 2021-04-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

195 | CVE-2021-1750 | 269 | - | Exec Code | 2021-04-02 | 2021-04-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. An application may be able to execute arbitrary code with kernel privileges.

196 | CVE-2021-1745 | 125 | - | Exec Code | 2021-04-02 | 2021-04-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

197 | CVE-2021-1744 | 787 | - | Exec Code | 2021-04-02 | 2021-04-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

198 | CVE-2021-1716 | - | - | Exec Code | 2021-01-12 | 2021-01-14 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    Microsoft Word Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1715.

199 | CVE-2021-1715 | 787 | - | Exec Code | 2021-01-12 | 2021-03-04 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    Microsoft Word Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-1716.

200 | CVE-2021-1711 | - | - | Exec Code | 2021-01-12 | 2021-01-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
    Microsoft Office Remote Code Execution Vulnerability.