Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-77
Total 1397 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-22750 1 Arubanetworks 2 Arubaos, Sd-wan 2023-03-10 N/A 9.8 CRITICAL
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2021-3855 1 Liman 1 Port Mys 2023-03-10 N/A 8.8 HIGH
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Liman Central Management System Liman MYS (HTTP/Controllers, CronMail, Jobs modules) allows Command Injection.This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462.
CVE-2023-22758 1 Arubanetworks 2 Arubaos, Sd-wan 2023-03-09 N/A 7.2 HIGH
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying operating system on the device running ArubaOS.
CVE-2023-22747 1 Arubanetworks 2 Arubaos, Sd-wan 2023-03-09 N/A 9.8 CRITICAL
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2021-4326 1 Linuxfoundation 1 Zowe 2023-03-09 N/A 7.8 HIGH
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI.
CVE-2018-1000802 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2023-03-09 7.5 HIGH 9.8 CRITICAL
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.
CVE-2023-1097 1 Baicells 2 Eg7035-m11, Eg7035-m11 Firmware 2023-03-08 N/A 9.8 CRITICAL
Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.
CVE-2022-45462 1 Apache 1 Dolphinscheduler 2023-03-07 N/A 9.8 CRITICAL
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher
CVE-2023-26602 1 Asus 1 Asmb8-ikvm Firmware 2023-03-07 N/A 9.8 CRITICAL
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
CVE-2022-48259 1 Huawei 2 Bisheng-wnm, Bisheng-wnm Firmware 2023-03-07 N/A 9.8 CRITICAL
There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could allow attackers to gain higher privileges.
CVE-2022-48255 1 Huawei 2 Bisheng-wnm, Bisheng-wnm Firmware 2023-03-07 N/A 9.8 CRITICAL
There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution.
CVE-2023-23080 1 Tenda 10 Cp3, Cp3 Firmware, Cp7 and 7 more 2023-03-07 N/A 9.8 CRITICAL
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908.
CVE-2023-23295 1 Korenix 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more 2023-03-06 N/A 8.8 HIGH
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.
CVE-2023-23294 1 Korenix 29 Jetwave 2111, Jetwave 2111 Firmware, Jetwave 2111l and 26 more 2023-03-06 N/A 8.8 HIGH
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.
CVE-2022-46303 1 Tribe29 1 Checkmk 2023-03-06 N/A 7.5 HIGH
Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions.
CVE-2023-22767 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2023-03-03 N/A 7.2 HIGH
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-22768 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2023-03-03 N/A 7.2 HIGH
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-22766 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2023-03-03 N/A 7.2 HIGH
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-22763 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2023-03-03 N/A 7.2 HIGH
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2023-22764 1 Arubanetworks 24 7010, 7030, 7205 and 21 more 2023-03-03 N/A 7.2 HIGH
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.