Total
3853 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32586 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2022-32572 | 1 Wwbn | 1 Avideo | 2024-11-21 | N/A | 8.8 HIGH |
| An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-32534 | 1 Bosch | 2 Pra-es8p2s, Pra-es8p2s Firmware | 2024-11-21 | 10.0 HIGH | 8.8 HIGH |
| The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell commands. | |||||
| CVE-2022-32212 | 4 Debian, Fedoraproject, Nodejs and 1 more | 4 Debian Linux, Fedora, Node.js and 1 more | 2024-11-21 | N/A | 8.1 HIGH |
| A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. | |||||
| CVE-2022-32092 | 1 Dlink | 2 Dir-645, Dir-645 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. | |||||
| CVE-2022-32054 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter. | |||||
| CVE-2022-31898 | 1 Gl-inet | 4 Gl-ax1800, Gl-ax1800 Firmware, Gl-mt300n-v2 and 1 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were discovered to contain multiple command injection vulnerabilities via the ping_addr and trace_addr function parameters. | |||||
| CVE-2022-31885 | 1 Marvalglobal | 1 Marval Msm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. | |||||
| CVE-2022-31814 | 1 Netgate | 1 Pfblockerng | 2024-11-21 | N/A | 9.8 CRITICAL |
| pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. | |||||
| CVE-2022-31795 | 1 Fujitsu | 2 Eternus Cs8000, Eternus Cs8000 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands. | |||||
| CVE-2022-31794 | 1 Fujitsu | 2 Eternus Cs8000, Eternus Cs8000 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands. | |||||
| CVE-2022-31767 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980. | |||||
| CVE-2022-31499 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256. | |||||
| CVE-2022-31486 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. | |||||
| CVE-2022-31479 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-11-21 | 10.0 HIGH | 9.6 CRITICAL |
| An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem. | |||||
| CVE-2022-31446 | 1 Tendacn | 2 Ac18, Ac18 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. | |||||
| CVE-2022-31311 | 1 Wavlink | 2 Aerial X 1200m, Aerial X 1200m Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. | |||||
| CVE-2022-31249 | 1 Suse | 1 Wrangler | 2024-11-21 | N/A | 7.5 HIGH |
| A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. | |||||
| CVE-2022-31245 | 1 Mailcow | 1 Mailcow\ | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. | |||||
| CVE-2022-31232 | 1 Dell | 1 Smartfabric Storage Software | 2024-11-21 | N/A | 8.6 HIGH |
| SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. | |||||