Total
3665 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0861 | 1 Netmodule | 10 Nb1601, Nb1800, Nb1810 and 7 more | 2024-02-28 | N/A | 8.8 HIGH |
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. | |||||
CVE-2022-48122 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. | |||||
CVE-2023-26213 | 1 Barracuda | 14 T100b, T100b Firmware, T193a and 11 more | 2024-02-28 | N/A | 7.2 HIGH |
On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters. | |||||
CVE-2022-45506 | 1 Tenda | 2 W30e, W30e Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. | |||||
CVE-2023-24422 | 1 Jenkins | 1 Script Security | 2024-02-28 | N/A | 8.8 HIGH |
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | |||||
CVE-2022-45043 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. | |||||
CVE-2022-41642 | 1 Kujirahand | 1 Nadesiko3 | 2024-02-28 | N/A | 9.8 CRITICAL |
OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. | |||||
CVE-2022-4515 | 2 Debian, Exuberant Ctags Project | 2 Debian Linux, Exuberant Ctags | 2024-02-28 | N/A | 7.8 HIGH |
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. | |||||
CVE-2022-48121 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. | |||||
CVE-2022-48126 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. | |||||
CVE-2022-40220 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-02-28 | N/A | 8.8 HIGH |
An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-37912 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2024-02-28 | N/A | 8.8 HIGH |
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2022-40969 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-02-28 | N/A | 8.8 HIGH |
An os command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-45939 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Emacs | 2024-02-28 | N/A | 7.8 HIGH |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
CVE-2022-40005 | 1 Intelbras | 2 Wifiber 120ac Inmesh, Wifiber 120ac Inmesh Firmware | 2024-02-28 | N/A | 8.8 HIGH |
Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute. | |||||
CVE-2022-37901 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2024-02-28 | N/A | 7.2 HIGH |
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2022-37899 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2024-02-28 | N/A | 7.2 HIGH |
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2022-29843 | 1 Westerndigital | 16 My Cloud Dl2100, My Cloud Dl2100 Firmware, My Cloud Dl4100 and 13 more | 2024-02-28 | N/A | 9.8 CRITICAL |
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user. | |||||
CVE-2022-45709 | 1 Ip-com | 2 M50, M50 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. | |||||
CVE-2022-43325 | 1 Telosalliance | 2 Omnia Mpx Node, Omnia Mpx Node Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input. |