Total
1397 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-22765 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2023-03-03 | N/A | 7.2 HIGH |
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2023-22762 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2023-03-03 | N/A | 7.2 HIGH |
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2023-22770 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2023-03-03 | N/A | 7.2 HIGH |
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2023-22769 | 1 Arubanetworks | 24 7010, 7030, 7205 and 21 more | 2023-03-03 | N/A | 7.2 HIGH |
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2022-37130 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2023-03-03 | N/A | 9.8 CRITICAL |
In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability | |||||
CVE-2022-48338 | 1 Gnu | 1 Emacs | 2023-03-03 | N/A | 7.3 HIGH |
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | |||||
CVE-2022-48339 | 1 Gnu | 1 Emacs | 2023-03-03 | N/A | 7.8 HIGH |
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | |||||
CVE-2019-14745 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2023-03-03 | 6.8 MEDIUM | 7.8 HIGH |
In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables. | |||||
CVE-2022-24697 | 1 Apache | 1 Kylin | 2023-03-03 | N/A | 9.8 CRITICAL |
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier. | |||||
CVE-2022-45600 | 1 Aztech | 2 Wmb250ac, Wmb250ac Firmware | 2023-03-02 | N/A | 8.8 HIGH |
Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | |||||
CVE-2022-47909 | 1 Tribe29 | 1 Checkmk | 2023-03-02 | N/A | 7.8 HIGH |
Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | |||||
CVE-2023-24184 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-03-02 | N/A | 9.8 CRITICAL |
TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. | |||||
CVE-2022-48337 | 2 Debian, Gnu | 2 Debian Linux, Emacs | 2023-03-02 | N/A | 9.8 CRITICAL |
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | |||||
CVE-2019-1010174 | 2 Cimg, Debian | 2 Cimg Library, Debian Linux | 2023-03-01 | 7.5 HIGH | 9.8 CRITICAL |
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4. | |||||
CVE-2023-25805 | 1 Versionn Project | 1 Versionn | 2023-03-01 | N/A | 9.8 CRITICAL |
versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. This issue is patched in version 1.1.0. | |||||
CVE-2022-40021 | 1 Qvidium | 2 Amino A140, Amino A140 Firmware | 2023-03-01 | N/A | 9.8 CRITICAL |
QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability. | |||||
CVE-2022-3275 | 2 Fedoraproject, Puppet | 2 Fedora, Puppetlabs-mysql | 2023-02-28 | N/A | 9.8 CRITICAL |
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | |||||
CVE-2023-24238 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-02-24 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. | |||||
CVE-2023-24236 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-02-24 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. | |||||
CVE-2021-29154 | 4 Debian, Fedoraproject, Linux and 1 more | 20 Debian Linux, Fedora, Linux Kernel and 17 more | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. |