Total
1397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24433 | 1 Simple-git Project | 1 Simple-git | 2022-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution. | |||||
| CVE-2022-20054 | 2 Google, Mediatek | 31 Android, Mt6580, Mt6739 and 28 more | 2022-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083. | |||||
| CVE-2021-44735 | 1 Lexmark | 236 B2236, B2236 Firmware, B2338 and 233 more | 2022-03-17 | 10.0 HIGH | 9.8 CRITICAL |
| Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07. | |||||
| CVE-2021-46231 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter. | |||||
| CVE-2021-46232 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter. | |||||
| CVE-2021-46233 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter. | |||||
| CVE-2021-46452 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters. | |||||
| CVE-2021-46453 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter. | |||||
| CVE-2021-46454 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2022-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter. | |||||
| CVE-2021-46228 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. | |||||
| CVE-2021-46230 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. | |||||
| CVE-2021-46227 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. | |||||
| CVE-2021-45998 | 1 Dlink | 2 Dir-882, Dir-882 Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | |||||
| CVE-2021-46229 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. | |||||
| CVE-2021-46226 | 1 Dlink | 2 Di-7200gv2, Di-7200gv2 Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter. | |||||
| CVE-2021-46455 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter. | |||||
| CVE-2021-46456 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter. | |||||
| CVE-2021-46457 | 1 Dlink | 2 Dir-823 Pro, Dir-823 Pro Firmware | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter. | |||||
| CVE-2022-25809 | 1 Amazon | 2 Echo Dot, Echo Dot Firmware | 2022-03-09 | 9.0 HIGH | 9.8 CRITICAL |
| Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack. | |||||
| CVE-2021-39363 | 1 Honeywell | 4 Hbw2per1, Hbw2per1 Firmware, Hdzp252di and 1 more | 2022-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ARP cache poisoning has been achieved. | |||||