Total
3837 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41518 | 1 Totolink | 2 Nr1800x, Nr1800x Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. | |||||
| CVE-2022-26212 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-22454 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server On Cloud, Linux Kernel and 1 more | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | |||||
| CVE-2022-26265 | 1 Contao | 1 Contao | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. | |||||
| CVE-2022-2185 | 1 Gitlab | 1 Gitlab | 2023-08-08 | 7.5 HIGH | 8.8 HIGH |
| A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution. | |||||
| CVE-2021-42884 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. | |||||
| CVE-2022-26992 | 1 Arris | 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26214 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter. | |||||
| CVE-2022-26209 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26993 | 1 Arris | 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26213 | 1 Totolink | 2 X5000r, X5000r Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2021-42888 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | |||||
| CVE-2022-26207 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-26210 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2022-38535 | 1 Totolink | 2 A720r, A720r Firmware | 2023-08-08 | N/A | 7.2 HIGH |
| TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function. | |||||
| CVE-2021-42885 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. | |||||
| CVE-2022-26211 | 1 Totolink | 12 A3000ru, A3000ru Firmware, A3100r and 9 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2021-43033 | 1 Kaseya | 1 Unitrends Backup | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls. | |||||
| CVE-2022-23673 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2023-08-08 | 9.0 HIGH | 7.2 HIGH |
| A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-26994 | 1 Arris | 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | |||||