Total
3666 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-44080 | 1 Sercomm | 2 H500s, H500s Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint. | |||||
CVE-2022-29937 | 1 Usu | 1 Oracle Optimization | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. | |||||
CVE-2022-26290 | 1 Tenda | 2 M3, M3 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. | |||||
CVE-2022-1356 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands. | |||||
CVE-2022-31486 | 2 Carrier, Hidglobal | 28 Lenels2 Lnl-4420, Lenels2 Lnl-4420 Firmware, Lenels2 Lnl-x2210 and 25 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. | |||||
CVE-2022-27188 | 1 Yokogawa | 2 B\/m9000 Vp, Centum Vp | 2024-02-28 | 4.4 MEDIUM | 7.8 HIGH |
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. | |||||
CVE-2022-26265 | 1 Contao | 1 Contao | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. | |||||
CVE-2022-26991 | 1 Arris | 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2022-31767 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980. | |||||
CVE-2022-26420 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
CVE-2022-23666 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 9.0 HIGH | 9.1 CRITICAL |
A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-28905 | 1 Totolink | 2 N600r, N600r Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. | |||||
CVE-2022-28581 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2021-45966 | 1 Pascom | 1 Cloud Phone System | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters. | |||||
CVE-2021-34078 | 1 Adp | 1 Lifion-verifiy-dependencies | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file. | |||||
CVE-2022-28571 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2024-02-28 | 5.8 MEDIUM | 9.8 CRITICAL |
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. | |||||
CVE-2022-26993 | 1 Arris | 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2021-44827 | 1 Tp-link | 2 Archer C20i, Archer C20i Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
There is remote authenticated OS command injection on TP-Link Archer C20i 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n devices vie the X_TP_ExternalIPv6Address HTTP parameter, allowing a remote attacker to run arbitrary commands on the router with root privileges. | |||||
CVE-2021-4039 | 1 Zyxel | 2 Nwa1100-nh, Nwa1100-nh Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | |||||
CVE-2022-31245 | 1 Mailcow | 1 Mailcow\ | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. |