Total
2149 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3086 | 1 Moxa | 100 Uc-2101-lx, Uc-2101-lx Firmware, Uc-2102-lx and 97 more | 2024-11-21 | N/A | 7.1 HIGH |
| Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-3008 | 2 Debian, Tinygltf Project | 2 Debian Linux, Tinygltf | 2024-11-21 | N/A | 8.1 HIGH |
| The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751 | |||||
| CVE-2022-39987 | 1 Raspap | 1 Raspap | 2024-11-21 | N/A | 8.8 HIGH |
| A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php. | |||||
| CVE-2022-39986 | 1 Raspap | 1 Raspap | 2024-11-21 | N/A | 9.8 CRITICAL |
| A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. | |||||
| CVE-2022-38156 | 1 Kratosdefense | 2 Spectralnet Narrowband, Spectralnet Narrowband Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user. | |||||
| CVE-2022-37425 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2024-11-21 | N/A | 9.9 CRITICAL |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. | |||||
| CVE-2022-37125 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. | |||||
| CVE-2022-36962 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | N/A | 7.2 HIGH |
| SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands. | |||||
| CVE-2022-36559 | 1 Seiko-sol | 2 Skybridge Mb-a200, Skybridge Mb-a200 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi. | |||||
| CVE-2022-36556 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01. | |||||
| CVE-2022-36554 | 1 Hytec | 2 Hwl-2511-ss, Hwl-2511-ss Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. | |||||
| CVE-2022-36553 | 1 Hytec | 2 Hwl-2511-ss, Hwl-2511-ss Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. | |||||
| CVE-2022-36523 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | |||||
| CVE-2022-35503 | 2024-11-21 | N/A | 7.5 HIGH | ||
| Improper verification of a user input in Open Source MANO v7-v12 allows an authenticated attacker to execute arbitrary code within the LCM module container via a Virtual Network Function (VNF) descriptor. An attacker may be able execute code to change the normal execution of the OSM components, retrieve confidential information, or gain access other parts of a Telco Operator infrastructure other than OSM itself. | |||||
| CVE-2022-34974 | 1 Dlink | 2 Dir820la1, Dir820la1 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. | |||||
| CVE-2022-34660 | 1 Siemens | 1 Teamcenter | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). File Server Cache service in Teamcenter consist of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution. | |||||
| CVE-2022-34592 | 1 Wavlink | 2 Wl-wn575a3, Wl-wn575a3 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request. | |||||
| CVE-2022-32449 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. | |||||
| CVE-2022-32262 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. | |||||
| CVE-2022-32154 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will. | |||||