Total: 1397 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-28453 | 1 Npos-tesseract Project | 1 Npos-tesseract | 2022-08-08 | N/A | 9.8 CRITICAL |
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js. | |||||
CVE-2020-28433 | 1 Node-latex-pdf Project | 1 Node-latex-pdf | 2022-08-08 | N/A | 9.8 CRITICAL |
This affects all versions of package node-latex-pdf. | |||||
CVE-2020-28425 | 1 Curljs Project | 1 Curljs | 2022-08-08 | N/A | 9.8 CRITICAL |
This affects all versions of package curljs. | |||||
CVE-2022-2323 | 1 Sonicwall | 14 Sws12-10fpoe, Sws12-10fpoe Firmware, Sws12-8 and 11 more | 2022-08-08 | N/A | 8.8 HIGH |
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions. | |||||
CVE-2022-28572 | 1 Tenda | 4 Ax1803, Ax1803 Firmware, Ax1806 and 1 more | 2022-08-05 | 6.5 MEDIUM | 8.8 HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in the `SetIPv6Status` function. | |||||
CVE-2020-28451 | 1 Image-tiler Project | 1 Image-tiler | 2022-08-05 | N/A | 9.8 CRITICAL |
This affects the package image-tiler before 2.0.2. | |||||
CVE-2020-7034 | 1 Avaya | 1 Session Border Controller For Enterprise | 2022-08-05 | 9.0 HIGH | 8.8 HIGH |
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges. Affected versions of Avaya Session Border Controller for Enterprise include 7.x, 8.0 through 8.1.1.x. | |||||
CVE-2020-28423 | 1 Monorepo-build Project | 1 Monorepo-build | 2022-08-05 | N/A | 9.8 CRITICAL |
This affects all versions of package monorepo-build. | |||||
CVE-2020-7795 | 1 Get-npm-package-version Project | 1 Get-npm-package-version | 2022-08-05 | N/A | 9.8 CRITICAL |
The package get-npm-package-version before 1.0.7 is vulnerable to Command Injection via the main function in index.js. | |||||
CVE-2020-15180 | 4 Debian, Galeracluster, Mariadb and 1 more | 4 Debian Linux, Galera Cluster For Mysql, Mariadb and 1 more | 2022-08-05 | 6.8 MEDIUM | 9.0 CRITICAL |
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6. | |||||
CVE-2022-34527 | 1 Dlink | 2 Dsl-3782, Dsl-3782 Firmware | 2022-08-05 | N/A | 8.8 HIGH |
D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. | |||||
CVE-2022-29558 | 1 Realtek | 1 Rtl819x Software Development Kit | 2022-08-04 | N/A | 8.8 HIGH |
Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface. | |||||
CVE-2016-4991 | 1 Nodepdf Project | 1 Nodepdf | 2022-08-04 | N/A | 9.8 CRITICAL |
Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0. | |||||
CVE-2020-28422 | 1 Git-archive Project | 1 Git-archive | 2022-08-01 | N/A | 7.8 HIGH |
All versions of package git-archive are vulnerable to Command Injection via the exports function. | |||||
CVE-2020-28447 | 1 Xopen Project | 1 Xopen | 2022-08-01 | N/A | 9.8 CRITICAL |
This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath). | |||||
CVE-2020-28443 | 1 Sonar-wrapper Project | 1 Sonar-wrapper | 2022-08-01 | N/A | 9.8 CRITICAL |
This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. | |||||
CVE-2020-28438 | 1 Deferred-exec Project | 1 Deferred-exec | 2022-08-01 | N/A | 9.8 CRITICAL |
This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js. | |||||
CVE-2020-28436 | 1 Google-cloudstorage-commands Project | 1 Google-cloudstorage-commands | 2022-07-30 | N/A | 9.8 CRITICAL |
This affects all versions of package google-cloudstorage-commands. | |||||
CVE-2020-28435 | 1 Ffmpeg-sdk Project | 1 Ffmpeg-sdk | 2022-07-30 | N/A | 9.8 CRITICAL |
This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. | |||||
CVE-2021-1384 | 1 Cisco | 1 Ios Xe | 2022-07-29 | 8.5 HIGH | 7.2 HIGH |
A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages loaded onto IOx. An attacker could exploit this vulnerability by creating a crafted application .tar file and loading it onto the device. A successful exploit could allow the attacker to perform command injection into the underlying operating system as the root user. |