Total
3666 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-46704 | 1 Genieacs | 1 Genieacs | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. | |||||
CVE-2022-25263 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration. | |||||
CVE-2022-1703 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS commands, which can potentially lead to remote command execution or a denial-of-service (DoS) attack. | |||||
CVE-2021-36287 | 1 Dell | 10 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 7 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Dell VNX2 for file version 8.1.21.266 and earlier contains an unauthenticated remote code execution vulnerability which may allow unauthenticated users to execute commands on the system. | |||||
CVE-2022-26207 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
CVE-2022-25084 | 1 Totolink | 2 T6, T6 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
CVE-2022-27268 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet. | |||||
CVE-2022-27272 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packet. | |||||
CVE-2022-26042 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
CVE-2022-25083 | 1 Totolink | 2 A860r, A860r Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
CVE-2022-23389 | 1 Publiccms | 1 Publiccms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. | |||||
CVE-2022-27946 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. | |||||
CVE-2021-46007 | 1 Totolink | 2 Ar3100r, Ar3100r Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK A3100R V5.9c.4577 is vulnerable to OS command injection. The backend of a page executes the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks. | |||||
CVE-2022-24237 | 1 Snapt | 1 Aria | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. | |||||
CVE-2022-31446 | 1 Tendacn | 2 Ac18, Ac18 Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Tenda AC18 router V15.03.05.19 and V15.03.05.05 were discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. | |||||
CVE-2022-24193 | 1 Icewhale | 1 Casaos | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
CasaOS before v0.2.7 was discovered to contain a command injection vulnerability. | |||||
CVE-2022-28573 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. | |||||
CVE-2022-1986 | 1 Gogs | 1 Gogs | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. | |||||
CVE-2022-25082 | 1 Totolink | 2 A950rg, A950rg Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
CVE-2022-25173 | 1 Jenkins | 1 Pipeline\ | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. |