Total: 1397 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-21129 | 1 Paypal | 1 Nemo-appium | 2023-02-07 | N/A | 9.8 CRITICAL |
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. | |||||
CVE-2022-48175 | 1 Rukovoditel | 1 Rukovoditel | 2023-02-07 | N/A | 9.8 CRITICAL |
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | |||||
CVE-2022-48108 | 1 Dlink | 2 Dir 878, Dir 878 Firmware | 2023-02-06 | N/A | 9.8 CRITICAL |
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | |||||
CVE-2021-41144 | 1 Openmage | 1 Magento | 2023-02-06 | N/A | 8.8 HIGH |
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue. | |||||
CVE-2021-41143 | 1 Openmage | 1 Magento | 2023-02-06 | N/A | 7.2 HIGH |
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue. | |||||
CVE-2021-39217 | 1 Openmage | 1 Magento | 2023-02-03 | N/A | 7.2 HIGH |
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue. | |||||
CVE-2022-37718 | 1 Edgenexus | 1 Application Delivery Controller | 2023-02-03 | N/A | 8.8 HIGH |
The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands through a specially crafted payload. This vulnerability can also be exploited from an unauthenticated context via unspecified vectors. | |||||
CVE-2021-26731 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2023-02-03 | N/A | 9.8 CRITICAL |
Command injection and multiple stack-based buffer overflow vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
CVE-2019-5446 | 1 Ui | 12 Edgeswitch Firmware, Ep-s16., Es-12f and 9 more | 2023-02-02 | 9.0 HIGH | 7.2 HIGH |
Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to execute commands as root. | |||||
CVE-2022-25962 | 1 Vagrant.js Project | 1 Vagrant.js | 2023-02-02 | N/A | 9.8 CRITICAL |
All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization. | |||||
CVE-2022-25908 | 1 Create-choo-electron Project | 1 Create-choo-electron | 2023-02-02 | N/A | 9.8 CRITICAL |
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | |||||
CVE-2018-3963 | 1 Getcujo | 1 Smart Firewall | 2023-02-02 | 7.7 HIGH | 8.0 HIGH |
An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry. | |||||
CVE-2020-22662 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2023-02-01 | N/A | 7.5 HIGH |
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set an unauthorized "illegal region code" through remote code execution via command injection, which leads to running on an illegal frequency at maximum output power. The vulnerability allows an attacker to create an arbitrary number of SSID WLAN interfaces per radio, which creates overhead over noise (the default maximum is only 8 SSIDs per radio in a solo AP). The vulnerability allows an attacker to unlock hidden regions by privilege command injection in the web GUI. | |||||
CVE-2014-4982 | 1 Xorux | 1 Lpar2rrd | 2023-02-01 | 7.5 HIGH | 9.8 CRITICAL |
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. | |||||
CVE-2022-25350 | 1 Helecloud | 1 Puppet-facter | 2023-02-01 | N/A | 7.8 HIGH |
All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization. | |||||
CVE-2022-21810 | 1 Smartctl Project | 1 Smartctl | 2023-02-01 | N/A | 7.8 HIGH |
All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. | |||||
CVE-2019-17361 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2023-01-31 | 6.8 MEDIUM | 9.8 CRITICAL |
In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. | |||||
CVE-2023-22884 | 1 Apache | 2 Airflow, Airflow Mysql Provider | 2023-01-31 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. | |||||
CVE-2022-48123 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-01-26 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. | |||||
CVE-2022-48125 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-01-26 | N/A | 9.8 CRITICAL |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. |