Total
3666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28579 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
| CVE-2022-28582 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
| CVE-2022-28055 | 1 Fusionpbx | 1 Fusionpbx | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. | |||||
| CVE-2022-20799 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. | |||||
| CVE-2022-29080 | 1 Npm-dependency-versions Project | 1 Npm-dependency-versions | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value. | |||||
| CVE-2022-20693 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. | |||||
| CVE-2022-23661 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 9.0 HIGH | 9.1 CRITICAL |
| A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-26213 | 1 Totolink | 2 X5000r, X5000r Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-27273 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2021-42969 | 1 Anaconda | 1 Anaconda3 | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed. | |||||
| CVE-2022-0557 | 1 Microweber | 1 Microweber | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| OS Command Injection in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-24065 | 2 Cookiecutter Project, Fedoraproject | 2 Cookiecutter, Fedora | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection. | |||||
| CVE-2021-34084 | 1 S3-uploader Project | 1 S3-uploader | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function. | |||||
| CVE-2021-42165 | 1 Mitrastar | 2 Gpt-2541gnac-n1, Gpt-2541gnac-n1 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path". | |||||
| CVE-2022-23665 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 9.0 HIGH | 9.1 CRITICAL |
| A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2021-26116 | 1 Fortinet | 1 Fortiauthenticator | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | |||||
| CVE-2022-26085 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2022-0848 | 1 Part-db Project | 1 Part-db | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. | |||||
| CVE-2022-26147 | 1 Quectel | 2 Rg502q-ea, Rg502q-ea Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection. | |||||
| CVE-2022-23900 | 1 Wavlink | 2 Wl-wn531p3, Wl-wn531p3 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi. | |||||