Total
3837 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21414 | 1 Prisma | 1 Prisma | 2022-04-26 | 6.5 MEDIUM | 7.2 HIGH |
| Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the `@prisma/sdk` package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the `getPackedPackage` function and this function is not advertised and only used for tests & building our CLI, no malicious code was found after checking our codebase. | |||||
| CVE-2020-35606 | 1 Webmin | 1 Webmin | 2022-04-26 | 9.0 HIGH | 8.8 HIGH |
| Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840. | |||||
| CVE-2020-15357 | 1 Askey | 2 Ap5100w, Ap5100w Firmware | 2022-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options. | |||||
| CVE-2020-36198 | 1 Qnap | 1 Malware Remover | 2022-04-26 | 7.2 HIGH | 6.7 MEDIUM |
| A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP Systems Inc. Malware Remover 3.x. | |||||
| CVE-2020-26300 | 1 Systeminformation | 1 Systeminformation | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix. | |||||
| CVE-2021-32673 | 1 Reg-keygen-git-hash Project | 1 Reg-keygen-git-hash | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue. | |||||
| CVE-2020-7628 | 2 Install-package Project, Umount Project | 2 Install-package, Umount | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization. | |||||
| CVE-2020-17456 | 1 Seowonintech | 10 Slc-130, Slc-130 Firmware, Slr-120d42g and 7 more | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page. | |||||
| CVE-2022-27188 | 1 Yokogawa | 2 B\/m9000 Vp, Centum Vp | 2022-04-22 | 4.4 MEDIUM | 7.8 HIGH |
| OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. | |||||
| CVE-2021-22795 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2022-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior) | |||||
| CVE-2017-14459 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-04-19 | 10.0 HIGH | 9.8 CRITICAL |
| An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. | |||||
| CVE-2018-3937 | 1 Sony | 28 Snc-eb600, Snc-eb600 Firmware, Snc-eb600b and 25 more | 2022-04-19 | 6.5 MEDIUM | 7.2 HIGH |
| An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2019-10655 | 1 Grandstream | 10 Gac2500, Gac2500 Firmware, Gvc3202 and 7 more | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
| Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd. | |||||
| CVE-2019-11409 | 1 Fusionpbx | 1 Fusionpbx | 2022-04-18 | 6.5 MEDIUM | 8.8 HIGH |
| app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module. | |||||
| CVE-2022-1262 | 1 Dlink | 20 Dir-1360, Dir-1360 Firmware, Dir-1760 and 17 more | 2022-04-18 | 7.2 HIGH | 7.8 HIGH |
| A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. | |||||
| CVE-2022-0999 | 1 Myscada | 1 Mypro | 2022-04-18 | 9.0 HIGH | 8.8 HIGH |
| An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | |||||
| CVE-2020-7351 | 1 Netfortris | 1 Trixbox | 2022-04-18 | 9.0 HIGH | 8.8 HIGH |
| An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected. | |||||
| CVE-2022-26413 | 1 Zyxel | 64 Ax7501-b0, Ax7501-b0 Firmware, Dx5401-b0 and 61 more | 2022-04-15 | 7.7 HIGH | 8.0 HIGH |
| A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. | |||||
| CVE-2021-36287 | 1 Dell | 10 Emc Unity Operating Environment, Vnx5200, Vnx5400 and 7 more | 2022-04-14 | 10.0 HIGH | 9.8 CRITICAL |
| Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system. | |||||
| CVE-2022-26670 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2022-04-14 | 8.3 HIGH | 8.8 HIGH |
| D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service. | |||||