Total: 3837 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23663 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2022-08-29 | 9.0 HIGH | 9.1 CRITICAL |
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-38132 | 1 Linksys | 2 Mr8300, Mr8300 Firmware | 2022-08-29 | N/A | 8.8 HIGH |
Command injection vulnerability in the Linksys MR8300 router during registration to the DDNS service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file on the device. This issue affects: Linksys MR8300 Router 1.0. | |||||
CVE-2022-32572 | 1 Wwbn | 1 Avideo | 2022-08-26 | N/A | 8.8 HIGH |
An OS command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-30534 | 1 Wwbn | 1 Avideo | 2022-08-26 | N/A | 8.8 HIGH |
An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2021-21809 | 1 Moodle | 1 Moodle | 2022-08-24 | 9.0 HIGH | 9.1 CRITICAL |
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerability. | |||||
CVE-2020-10390 | 1 Chadhaajay | 1 Phpkb | 2022-08-19 | 6.5 MEDIUM | 7.2 HIGH |
OS Command Injection in export.php (vulnerable function called from include/functions-article.php) in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php. | |||||
CVE-2022-1410 | 1 Device42 | 1 Cmdb | 2022-08-18 | N/A | 8.8 HIGH |
OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions. | |||||
CVE-2022-36381 | 1 Nintendo | 2 Wi-fi Network Adaptor Wap 001, Wi-fi Network Adaptor Wap 001 Firmware | 2022-08-17 | N/A | 7.2 HIGH |
OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2022-36309 | 1 Airspan | 2 Airvelocity 1500, Airvelocity 1500 Firmware | 2022-08-17 | N/A | 8.8 HIGH |
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models. | |||||
CVE-2018-7187 | 2 Debian, Golang | 2 Debian Linux, Go | 2022-08-16 | 9.3 HIGH | 8.8 HIGH |
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | |||||
CVE-2021-35049 | 1 Fidelissecurity | 2 Deception, Network | 2022-08-12 | 6.5 MEDIUM | 8.8 HIGH |
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response in an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | |||||
CVE-2021-43779 | 1 Teclib-edition | 1 Addressing | 2022-08-09 | 9.0 HIGH | 9.9 CRITICAL |
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from an authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin. | |||||
CVE-2022-22140 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2022-08-08 | N/A | 9.8 CRITICAL |
An OS command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2022-21178 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2022-08-08 | N/A | 9.8 CRITICAL |
An OS command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
CVE-2022-33955 | 1 Ibm | 1 Cics Tx | 2022-08-05 | N/A | 6.8 MEDIUM |
IBM CICS TX 11.1 could allow an attacker with physical access to the system to execute code using a back and refresh attack. IBM X-Force ID: 229312. | |||||
CVE-2020-28424 | 1 S3-kilatstorage Project | 1 S3-kilatstorage | 2022-08-05 | N/A | 9.8 CRITICAL |
This affects all versions of package s3-kilatstorage. | |||||
CVE-2022-24405 | 1 Open-xchange | 1 Ox App Suite | 2022-08-03 | N/A | 9.8 CRITICAL |
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. | |||||
CVE-2022-23100 | 1 Open-xchange | 1 Ox App Suite | 2022-08-03 | N/A | 9.8 CRITICAL |
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). | |||||
CVE-2022-2550 | 1 Hestiacp | 1 Control Panel | 2022-08-02 | N/A | 8.8 HIGH |
OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. | |||||
CVE-2021-29449 | 1 Pi-hole | 1 Pi-hole | 2022-08-02 | 7.2 HIGH | 7.8 HIGH |
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details. |