Total
1397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21165 | 1 Font Converter Project | 1 Font Converter | 2022-09-02 | N/A | 9.8 CRITICAL |
| All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function. | |||||
| CVE-2021-3020 | 1 Clusterlabs | 1 Hawk | 2022-09-02 | N/A | 8.8 HIGH |
| An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root. | |||||
| CVE-2022-23673 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-09-01 | 9.0 HIGH | 7.2 HIGH |
| A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-23672 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-09-01 | 9.0 HIGH | 7.2 HIGH |
| A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-36554 | 1 Hytec | 2 Hwl-2511-ss, Hwl-2511-ss Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. | |||||
| CVE-2022-37057 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. | |||||
| CVE-2022-36756 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | |||||
| CVE-2022-37053 | 1 Trendnet | 2 Tew733gr, Tew733gr Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. | |||||
| CVE-2022-38511 | 1 Totolink | 2 A810r, A810r Firmware | 2022-09-01 | N/A | 7.8 HIGH |
| TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. | |||||
| CVE-2022-37056 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2022-09-01 | N/A | 9.8 CRITICAL |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | |||||
| CVE-2022-24552 | 1 Starwindsoftware | 2 Nas, San | 2022-08-31 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633. | |||||
| CVE-2022-2234 | 1 Myscada | 1 Mypro | 2022-08-30 | N/A | 8.8 HIGH |
| An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. | |||||
| CVE-2022-37070 | 1 H3c | 2 Gr-1200w, Gr-1200w Firmware | 2022-08-29 | N/A | 9.8 CRITICAL |
| H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | |||||
| CVE-2022-36510 | 1 H3c | 2 Gr2200, Gr2200 Firmware | 2022-08-26 | N/A | 7.8 HIGH |
| H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | |||||
| CVE-2022-36455 | 1 Totolink | 2 A3600r, A3600r Firmware | 2022-08-26 | N/A | 7.8 HIGH |
| TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | |||||
| CVE-2022-36509 | 1 H3c | 2 Gr3200, Gr3200 Firmware | 2022-08-26 | N/A | 7.8 HIGH |
| H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | |||||
| CVE-2022-37078 | 1 Totolink | 2 A7000r, A7000r Firmware | 2022-08-26 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg. | |||||
| CVE-2022-37081 | 1 Totolink | 2 A7000r, A7000r Firmware | 2022-08-26 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. | |||||
| CVE-2022-37079 | 1 Totolink | 2 A7000r, A7000r Firmware | 2022-08-26 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | |||||
| CVE-2022-37083 | 1 Totolink | 2 A7000r, A7000r Firmware | 2022-08-26 | N/A | 7.8 HIGH |
| TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg. | |||||