Total
3837 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37893 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2023-08-08 | N/A | 7.8 HIGH |
| An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | |||||
| CVE-2022-28575 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload | |||||
| CVE-2022-29337 | 1 Cdatatec | 2 Fd702xw-x-r430, Fd702xw-x-r430 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2022-25075 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-25076 | 1 Totolink | 2 A800r, A800r Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2022-29013 | 1 Razer | 2 Sila, Sila Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. | |||||
| CVE-2022-24552 | 1 Starwindsoftware | 2 Nas, San | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633. | |||||
| CVE-2022-37070 | 1 H3c | 2 Gr-1200w, Gr-1200w Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | |||||
| CVE-2022-30023 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. | |||||
| CVE-2022-25078 | 1 Totolink | 1 A3600r Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. | |||||
| CVE-2023-35861 | 1 Supermicro | 330 H12dgo-6, H12dgo-6 Firmware, H12dgq-nt6 and 327 more | 2023-08-07 | N/A | 9.8 CRITICAL |
| A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC. | |||||
| CVE-2023-37292 | 1 Hgiga | 1 Isherlock | 2023-08-04 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174. | |||||
| CVE-2023-35019 | 1 Ibm | 1 Security Verify Governance | 2023-08-04 | N/A | 8.8 HIGH |
| IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873. | |||||
| CVE-2023-4033 | 1 Lfprojects | 1 Mlflow | 2023-08-04 | N/A | 7.8 HIGH |
| OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. | |||||
| CVE-2023-37213 | 1 Synel | 2 Synergy\/a, Synergy\/a Firmware | 2023-08-03 | N/A | 9.8 CRITICAL |
| Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection' | |||||
| CVE-2023-3975 | 1 Diagrams | 1 Drawio | 2023-08-03 | N/A | 9.8 CRITICAL |
| OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. | |||||
| CVE-2023-3974 | 1 Diagrams | 1 Drawio | 2023-08-03 | N/A | 9.8 CRITICAL |
| OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. | |||||
| CVE-2023-22653 | 1 Milesight | 2 Ur32l, Ur32l Firmware | 2023-08-02 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2023-38056 | 1 Otrs | 1 Otrs | 2023-08-01 | N/A | 7.2 HIGH |
| Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | |||||
| CVE-2023-38673 | 1 Paddlepaddle | 1 Paddlepaddle | 2023-07-31 | N/A | 9.8 CRITICAL |
| PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system. | |||||