Total: 5311 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-20617 | 1 Jenkins | 1 Docker Commons | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository. |
| CVE-2022-1986 | 1 Gogs | 1 Gogs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. |
| CVE-2022-1813 | 1 Rengine Project | 1 Rengine | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. |
| CVE-2022-1703 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. |
| CVE-2022-1513 | 1 Lenovo | 1 Pcmanager | 2024-11-21 | N/A | 7.3 HIGH | A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. |
| CVE-2022-1440 | 1 Git-interface Project | 1 Git-interface | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker. |
| CVE-2022-1410 | 1 Device42 | 1 Cmdb | 2024-11-21 | N/A | 8.0 HIGH | OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions. |
| CVE-2022-1362 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 9.3 HIGH | 5.0 MEDIUM | The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server. |
| CVE-2022-1360 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 7.5 HIGH | 8.2 HIGH | The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings. |
| CVE-2022-1359 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 5.0 MEDIUM | 5.7 MEDIUM | The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal characters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server. |
| CVE-2022-1357 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command. |
| CVE-2022-1356 | 1 Cambiumnetworks | 1 Cnmaestro | 2024-11-21 | 7.2 HIGH | 7.1 HIGH | cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands. |
| CVE-2022-1262 | 1 Dlink | 20 Dir-1360, Dir-1360 Firmware, Dir-1760 and 17 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. |
| CVE-2022-1030 | 3 Apple, Linux, Okta | 3 Macos, Linux Kernel, Advanced Server Access | 2024-11-21 | 9.3 HIGH | 8.8 HIGH | Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system. |
| CVE-2022-0999 | 1 Myscada | 1 Mypro | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. |
| CVE-2022-0848 | 1 Part-db Project | 1 Part-db | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. |
| CVE-2022-0841 | 1 Npm-lockfile Project | 1 Npm-lockfile | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. |
| CVE-2022-0764 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM | Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. |
| CVE-2022-0557 | 1 Microweber | 1 Microweber | 2024-11-21 | 9.0 HIGH | 7.2 HIGH | OS Command Injection in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0365 | 1 Riconmobile | 4 S9922l, S9922l Firmware, S9922xl and 1 more | 2024-11-21 | 10.0 HIGH | 9.1 CRITICAL | The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user. |
| CVE-2021-4281 | 1 Forthebadge | 1 For The Badge | 2024-11-21 | N/A | 4.6 MEDIUM | A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability. |
| CVE-2021-4242 | 1 Sapido | 8 Br270n, Br270n Firmware, Brc76n and 5 more | 2024-11-21 | N/A | 6.3 MEDIUM | A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592. |
| CVE-2021-4144 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. |
| CVE-2021-4039 | 1 Zyxel | 2 Nwa1100-nh, Nwa1100-nh Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. |
| CVE-2021-4029 | 1 Zyxel | 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH | A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. |
| CVE-2021-46704 | 1 Genieacs | 1 Genieacs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. |
| CVE-2021-46441 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. |
| CVE-2021-46422 | 1 Telesquare | 2 Sdt-cs3b1, Sdt-cs3b1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. |
| CVE-2021-46319 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands. This vulnerability is due to the fact that CVE-2019-17509 is not fully patched and can be bypassed by using line breaks or backticks on its basis. |
| CVE-2021-46315 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters to cause arbitrary command execution. Since CVE-2019-17510 vulnerability has not been patched and improved www/hnap1/control/setwizardconfig.php, can also use line breaks and backquotes to bypass. |
| CVE-2021-46314 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. |
| CVE-2021-46007 | 1 Totolink | 2 Ar3100r, Ar3100r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks. |
| CVE-2021-45987 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. |
| CVE-2021-45986 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter. |
| CVE-2021-45979 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API. |
| CVE-2021-45978 | 2 Apple, Foxit | 3 Macos, Pdf Editor, Pdf Reader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API. |
| CVE-2021-45966 | 1 Pascom | 1 Cloud Phone System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters. |
| CVE-2021-45912 | 1 Controlup | 1 Real-time Agent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. |
| CVE-2021-45845 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document. |
| CVE-2021-45844 | 2 Debian, Freecadweb | 2 Debian Linux, Freecad | 2024-11-21 | 7.6 HIGH | 7.8 HIGH | Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename. |