Total
3666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46304 | 1 Changingtec | 1 Servisign | 2024-02-28 | N/A | 8.8 HIGH |
| ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system command to perform arbitrary system operation or disrupt service. | |||||
| CVE-2023-20007 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2024-02-28 | N/A | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker must have valid administrator credentials. This vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the web-based management process to restart, resulting in a DoS condition. | |||||
| CVE-2022-45942 | 1 Baijiacms Project | 1 Baijiacms | 2024-02-28 | N/A | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. | |||||
| CVE-2022-45768 | 1 Edimax | 2 Br-6428ns, Br-6428ns Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3 allows attacker to execute arbitrary code via the formWlanMP function. | |||||
| CVE-2022-42496 | 1 Kujirahand | 1 Nadesiko3 | 2024-02-28 | N/A | 9.8 CRITICAL |
| OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product. | |||||
| CVE-2023-20015 | 1 Cisco | 39 Firepower 4100, Firepower 4110, Firepower 4112 and 36 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges. | |||||
| CVE-2022-31249 | 1 Suse | 1 Wrangler | 2024-02-28 | N/A | 9.8 CRITICAL |
| A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. | |||||
| CVE-2022-48108 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-47853 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. | |||||
| CVE-2022-42140 | 1 Deltaww | 2 Dx-2100-l1-cn, Dx-2100-l1-cn Firmware | 2024-02-28 | N/A | 7.2 HIGH |
| Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. | |||||
| CVE-2022-45005 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function. | |||||
| CVE-2022-2024 | 1 Gogs | 1 Gogs | 2024-02-28 | N/A | 9.8 CRITICAL |
| OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | |||||
| CVE-2022-48252 | 1 Pi.alert Project | 1 Pi.alert | 2024-02-28 | N/A | 9.8 CRITICAL |
| The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection. | |||||
| CVE-2022-37900 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2024-02-28 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2022-30303 | 1 Fortinet | 1 Fortiweb | 2024-02-28 | N/A | 8.8 HIGH |
| AnĀ improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests. | |||||
| CVE-2022-44456 | 1 Contec | 1 Conprosys Hmi System | 2024-02-28 | N/A | 9.8 CRITICAL |
| CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. | |||||
| CVE-2022-2251 | 1 Gitlab | 1 Runner | 2024-02-28 | N/A | 8.0 HIGH |
| Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user. | |||||
| CVE-2022-45025 | 1 Markdown Preview Enhanced Project | 1 Markdown Preview Enhanced | 2024-02-28 | N/A | 9.8 CRITICAL |
| Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function. | |||||
| CVE-2022-42484 | 2 Freshtomato, Siretta | 3 Freshtomato, Quartz-gold, Quartz-gold Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-32692 | 2 Activitywatch, Apple | 2 Activitywatch, Macos | 2024-02-28 | N/A | 9.6 CRITICAL |
| Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visiting a website with the page title set to a malicious string. An attacker could use another application to accomplish the same, but the web browser is the most likely attack vector. This issue is patched in version 0.11.0. As a workaround, users can run the latest version of aw-watcher-window from source, or manually patch the `printAppTitle.scpt` file. | |||||