Total
4718 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1703 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | |||||
| CVE-2022-1513 | 1 Lenovo | 1 Pcmanager | 2024-11-21 | N/A | 7.3 HIGH |
| A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. | |||||
| CVE-2022-1440 | 1 Git-interface Project | 1 Git-interface | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker. | |||||
| CVE-2022-1410 | 1 Device42 | 1 Cmdb | 2024-11-21 | N/A | 8.0 HIGH |
| OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions. | |||||
| CVE-2022-1362 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 9.3 HIGH | 5.0 MEDIUM |
| The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server. | |||||
| CVE-2022-1360 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 7.5 HIGH | 8.2 HIGH |
| The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings. | |||||
| CVE-2022-1357 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command. | |||||
| CVE-2022-1356 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 7.2 HIGH | 7.1 HIGH |
| cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands. | |||||
| CVE-2022-1262 | 1 Dlink | 20 Dir-1360, Dir-1360 Firmware, Dir-1760 and 17 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. | |||||
| CVE-2022-1030 | 3 Apple, Linux, Okta | 3 Macos, Linux Kernel, Advanced Server Access | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system. | |||||
| CVE-2022-0999 | 1 Myscada | 1 Mypro | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | |||||
| CVE-2022-0848 | 1 Part-db Project | 1 Part-db | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. | |||||
| CVE-2022-0841 | 1 Npm-lockfile Project | 1 Npm-lockfile | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. | |||||
| CVE-2022-0557 | 1 Microweber | 1 Microweber | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| OS Command Injection in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0365 | 1 Riconmobile | 4 S9922l, S9922l Firmware, S9922xl and 1 more | 2024-11-21 | 10.0 HIGH | 9.1 CRITICAL |
| The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user. | |||||
| CVE-2021-4281 | 1 Forthebadge | 1 For The Badge | 2024-11-21 | N/A | 4.6 MEDIUM |
| A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-4242 | 1 Sapido | 8 Br270n, Br270n Firmware, Brc76n and 5 more | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592. | |||||
| CVE-2021-4144 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | |||||
| CVE-2021-4039 | 1 Zyxel | 2 Nwa1100-nh, Nwa1100-nh Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | |||||
| CVE-2021-4029 | 1 Zyxel | 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. | |||||