Total: 1397 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27270 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet. | |||||
CVE-2022-27269 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet. | |||||
CVE-2022-27268 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet. | |||||
CVE-2021-43474 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2022-04-14 | 7.5 HIGH | 9.8 CRITICAL |
An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Latest) via any parameter in the HNAP1 function. | |||||
CVE-2022-20665 | 1 Cisco | 4 Asr 5500, Asr 5700, Staros and 1 more | 2022-04-14 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device. | |||||
CVE-2022-23900 | 1 Wavlink | 2 Wl-wn531p3, Wl-wn531p3 Firmware | 2022-04-13 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi. | |||||
CVE-2020-6811 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | |||||
CVE-2021-23247 | 1 Oppo | 1 Quick App | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
A command injection vulnerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attackers to gain arbitrary code execution in quick game engine. | |||||
CVE-2022-24066 | 1 Simple-git Project | 1 Simple-git | 2022-04-08 | 7.5 HIGH | 9.8 CRITICAL |
The package simple-git before 3.5.0 is vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of git is also supported for git clone, which the prior fix didn't cover. | |||||
CVE-2021-45082 | 4 Cobbler Project, Fedoraproject, Opensuse and 1 more | 5 Cobbler, Fedora, Backports and 2 more | 2022-04-08 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring. (Only lines beginning with #import are blocked.) | |||||
CVE-2022-25619 | 1 Profelis | 1 Sambabox | 2022-04-07 | 4.6 MEDIUM | 6.7 MEDIUM |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86. | |||||
CVE-2021-43319 | 1 Zohocorp | 1 Manageengine Network Configuration Manager | 2022-04-06 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality. | |||||
CVE-2021-43663 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2022-04-05 | 7.9 HIGH | 7.5 HIGH |
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check. | |||||
CVE-2021-43664 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2022-04-05 | 9.3 HIGH | 8.1 HIGH |
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo. | |||||
CVE-2021-43118 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL |
A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2022-1030 | 3 Apple, Linux, Okta | 3 Macos, Linux Kernel, Advanced Server Access | 2022-04-01 | 9.3 HIGH | 8.8 HIGH |
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system. | |||||
CVE-2019-12921 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports Sle and 1 more | 2022-03-31 | 4.3 MEDIUM | 6.5 MEDIUM |
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | |||||
CVE-2022-22688 | 1 Synology | 1 Diskstation Manager | 2022-03-30 | 6.5 MEDIUM | 8.8 HIGH |
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2022-23881 | 1 Zzzcms | 1 Zzzphp | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. | |||||
CVE-2021-45459 | 1 Node-windows Project | 1 Node-windows | 2022-03-29 | 7.5 HIGH | 9.8 CRITICAL |
lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter. |