Total: 4780 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-40679 | 1 Fortinet | 3 Fortiadc, Fortiddos, Fortiddos-f | 2024-11-21 | 7.1 High |
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | ||||
CVE-2022-40176 | 1 Siemens | 20 Desigo Pxm30-1, Desigo Pxm30-1 Firmware, Desigo Pxm30.e and 17 more | 2024-11-21 | 8.0 High |
A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM40.E (All versions < V02.20.126.11-41), Desigo PXM50-1 (All versions < V02.20.126.11-41), Desigo PXM50.E (All versions < V02.20.126.11-41), PXG3.W100-1 (All versions < V02.20.126.11-37), PXG3.W100-2 (All versions < V02.20.126.11-41), PXG3.W200-1 (All versions < V02.20.126.11-37), PXG3.W200-2 (All versions < V02.20.126.11-41). There exists an Improper Neutralization of Special Elements used in an OS Command with root privileges during a restore operation due to the missing validation of the names of files included in the input package. By restoring a specifically crafted package, a remote low-privileged attacker can execute arbitrary system commands with root privileges on the device, leading to a full compromise. | ||||
CVE-2022-3874 | 2 Redhat, Theforeman | 4 Satellite, Satellite Capsule, Satellite Utils and 1 more | 2024-11-21 | 8 High |
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system. | ||||
CVE-2022-3492 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | 6.3 Medium |
A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772. | ||||
CVE-2022-3276 | 2 Puppet, Redhat | 2 Puppetlabs-mysql, Openstack | 2024-11-21 | 8.4 High |
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | ||||
CVE-2022-3275 | 2 Fedoraproject, Puppet | 2 Fedora, Puppetlabs-mysql | 2024-11-21 | 8.4 High |
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | ||||
CVE-2022-3133 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.8 High |
OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0. | ||||
CVE-2022-39951 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 7.2 High |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | ||||
CVE-2022-39947 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 8.6 High |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | ||||
CVE-2022-39819 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 8.8 High |
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur. This allows authenticated users to execute commands on the operating system. | ||||
CVE-2022-39818 | 1 Nokia | 1 Network Functions Manager For Transport | 2024-11-21 | 8.8 High |
In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system. | ||||
CVE-2022-39815 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 9.8 Critical |
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur. These vulnerabilities allow unauthenticated users to execute commands on the operating system. | ||||
CVE-2022-38828 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 9.8 Critical |
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi | ||||
CVE-2022-38826 | 1 Totolink | 2 T6, T6 Firmware | 2024-11-21 | 9.8 Critical |
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an arbitrary command execution vulnerability in cstecgi.cgi. | ||||
CVE-2022-38535 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.2 High |
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function. | ||||
CVE-2022-38534 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.2 High |
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function. | ||||
CVE-2022-38531 | 1 Fpt | 4 G-97rg3, G-97rg3 Firmware, G-97rg6m and 1 more | 2024-11-21 | 8.8 High |
FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Remote Command Execution in the ping function. | ||||
CVE-2022-38511 | 1 Totolink | 2 A810r, A810r Firmware | 2024-11-21 | 7.8 High |
TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. | ||||
CVE-2022-38308 | 1 Totolink | 2 A7000ru, A7000ru Firmware | 2024-11-21 | 9.8 Critical |
TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. | ||||
CVE-2022-38132 | 1 Linksys | 2 Mr8300, Mr8300 Firmware | 2024-11-21 | 8.2 High |
Command injection vulnerability in the Linksys MR8300 router during registration to the DDNS service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file on the device. This issue affects: Linksys MR8300 Router 1.0. |