Vulnerabilities (CVE)

Filtered by CWE-78
Total 4500 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0011 1 U-blox 10 Toby-l200, Toby-l200 Firmware, Toby-l201 and 7 more 2024-11-21 N/A 7.6 HIGH
A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial interface to send malicious AT commands. Exploitation of the vulnerability gives full administrative (root) privileges to the attacker to execute any operating system command on TOBY-L2 which can lead to modification of the behavior of the module itself as well as the components connected with it (depending on its rights on other connected systems). It can further provide the ability to read system level files and hamper the availability of the module as well. This issue affects TOBY-L2 series: TOBY-L200, TOBY-L201, TOBY-L210, TOBY-L220, TOBY-L280.
CVE-2022-4643 1 Search 1 Docconv 2024-11-21 N/A 6.3 MEDIUM
A vulnerability was found in docconv up to 1.2.0. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdf_ocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to version 1.2.1 is able to address this issue. The name of the patch is b19021ade3d0b71c89d35cb00eb9e589a121faa5. It is recommended to upgrade the affected component. VDB-216502 is the identifier assigned to this vulnerability.
CVE-2022-4364 1 Flir 2 Flir Ax8, Flir Ax8 Firmware 2024-11-21 N/A 7.3 HIGH
A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-215118 is the identifier assigned to this vulnerability.
CVE-2022-4257 1 Cdatatec 1 C-data Web Management System 2024-11-21 N/A 6.3 MEDIUM
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.
CVE-2022-4221 1 Asus 2 Nas-m25, Nas-m25 Firmware 2024-11-21 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values. This issue affects NAS-M25: through 1.0.1.7.
CVE-2022-48616 1 Huawei 2 Ar617vw, Ar617vw Firmware 2024-11-21 N/A 6.4 MEDIUM
A Huawei data communication product has a command injection vulnerability. Successful exploitation of this vulnerability may allow attackers to gain higher privileges.
CVE-2022-48584 1 Sciencelogic 1 Sl1 2024-11-21 N/A 8.8 HIGH
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-48583 1 Sciencelogic 1 Sl1 2024-11-21 N/A 8.8 HIGH
A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-48582 1 Sciencelogic 1 Sl1 2024-11-21 N/A 8.8 HIGH
A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-48581 1 Sciencelogic 1 Sl1 2024-11-21 N/A 8.8 HIGH
A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-48580 1 Sciencelogic 1 Sl1 2024-11-21 N/A 8.8 HIGH
A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.
CVE-2022-47911 1 Sewio 1 Real-time Location System Studio 2024-11-21 N/A 9.1 CRITICAL
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system commands.
CVE-2022-47616 1 Hitrontech 2 Coda-5310, Coda-5310 Firmware 2024-11-21 N/A 7.2 HIGH
Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator can use the management page to perform command injection attacks to execute arbitrary system commands, manipulate the system or disrupt service.
CVE-2022-47555 1 Ormazabal 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more 2024-11-21 N/A 9.3 CRITICAL
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.
CVE-2022-46361 1 Honeywell 2 Onewireless Network Wireless Device Manager, Onewireless Network Wireless Device Manager Firmware 2024-11-21 N/A 6.9 MEDIUM
An attacker having physical access to WDM can plug in a USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and is fixed in version 322.2.
CVE-2022-46304 1 Changingtec 1 Servisign 2024-11-21 N/A 8.8 HIGH
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary system commands to perform arbitrary system operations or disrupt service.
CVE-2022-46303 1 Checkmk 1 Checkmk 2024-11-21 N/A 8.0 HIGH
Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, Checkmk <= 2.0.0p27, and Checkmk <= 1.6.0p29 allows an attacker with User Management permissions, as well as LDAP administrators in certain scenarios, to perform arbitrary commands within the context of the application's local permissions.
CVE-2022-45104 1 Dell 3 Evasa Provider Virtual Appliance, Solutions Enabler Virtual Appliance, Unisphere For Powermax Virtual Appliance 2024-11-21 N/A 8.8 HIGH
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands on the underlying system.
CVE-2022-44720 1 Ucopia 2 Wireless Appliance, Wireless Appliance Firmware 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot.
CVE-2022-43973 1 Linksys 2 Wrt54gl, Wrt54gl Firmware 2024-11-21 N/A 7.2 HIGH
An arbitrary code execution vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.