Total
1397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36642 | 1 Jobe Project | 1 Jobe | 2023-01-12 | N/A | 9.8 CRITICAL |
| A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability. | |||||
| CVE-2022-39073 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2023-01-12 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | |||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2023-01-12 | N/A | 9.8 CRITICAL |
| Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | |||||
| CVE-2021-4304 | 1 Ulcc-core Project | 1 Ulcc-core | 2023-01-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file cgi/toolbox/toolbox. The manipulation of the argument password leads to command injection. The attack can be launched remotely. The name of the patch is 811edaae81eb044891594f00062a828f51b22cb1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217447. | |||||
| CVE-2022-43538 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-11 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2022-43537 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-11 | N/A | 7.2 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2022-43536 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-01-11 | N/A | 8.8 HIGH |
| Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2022-25926 | 1 Window-control Project | 1 Window-control | 2023-01-10 | N/A | 7.8 HIGH |
| Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization. | |||||
| CVE-2022-32665 | 1 Mediatek | 3 En7528, En7580, Linkit Software Development Kit | 2023-01-10 | N/A | 9.8 CRITICAL |
| In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124. | |||||
| CVE-2022-32664 | 1 Mediatek | 7 En7516, En7528, En7529 and 4 more | 2023-01-10 | N/A | 8.8 HIGH |
| In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929. | |||||
| CVE-2023-0039 | 1 Odude | 1 User Post Gallery | 2023-01-10 | N/A | 9.8 CRITICAL |
| The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitrary PHP functions and perform actions like adding new files that can be webshells and updating the site's options to allow anyone to register as an administrator. | |||||
| CVE-2022-37898 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2023-01-09 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2022-43396 | 1 Apache | 1 Kylin | 2023-01-09 | N/A | 8.8 HIGH |
| In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf. | |||||
| CVE-2022-44621 | 1 Apache | 1 Kylin | 2023-01-09 | N/A | 9.8 CRITICAL |
| Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request. | |||||
| CVE-2020-9862 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2023-01-09 | 6.8 MEDIUM | 7.8 HIGH |
| A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. | |||||
| CVE-2017-20156 | 1 Printer Project | 1 Printer | 2023-01-06 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The name of the patch is 5f8c715d6e2cc000f621a6833f0a86a673462136. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217139. | |||||
| CVE-2022-45717 | 1 Ip-com | 2 M50, M50 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
| IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request. | |||||
| CVE-2020-15685 | 1 Mozilla | 1 Thunderbird | 2023-01-04 | N/A | 8.8 HIGH |
| During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | |||||
| CVE-2022-46642 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2022-12-30 | N/A | 9.9 CRITICAL |
| D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function. | |||||
| CVE-2022-46641 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2022-12-30 | N/A | 9.9 CRITICAL |
| D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function. | |||||