Total
1397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24389 | 1 Fidelissecurity | 2 Deception, Network | 2022-05-25 | 9.0 HIGH | 8.8 HIGH |
| Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2022-24388 | 1 Fidelissecurity | 2 Deception, Network | 2022-05-25 | 9.0 HIGH | 8.8 HIGH |
| Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability. | |||||
| CVE-2022-25865 | 1 Microsoft | 1 Workspace-tools | 2022-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection. | |||||
| CVE-2022-29303 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2022-05-20 | 10.0 HIGH | 9.8 CRITICAL |
| SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. | |||||
| CVE-2022-23935 | 1 Exiftool Project | 1 Exiftool | 2022-05-19 | 7.6 HIGH | 7.8 HIGH |
| lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection. | |||||
| CVE-2022-28912 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. | |||||
| CVE-2022-28913 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. | |||||
| CVE-2022-28911 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. | |||||
| CVE-2022-28910 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. | |||||
| CVE-2022-28907 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. | |||||
| CVE-2022-28909 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. | |||||
| CVE-2022-28908 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. | |||||
| CVE-2022-28906 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. | |||||
| CVE-2022-28905 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. | |||||
| CVE-2022-28915 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | |||||
| CVE-2022-28901 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-28896 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-28895 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | |||||
| CVE-2022-22454 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server On Cloud, Linux Kernel and 1 more | 2022-05-16 | 7.2 HIGH | 7.8 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | |||||
| CVE-2021-44051 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2022-05-13 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later | |||||