Total
4780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30303 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 8.6 High |
| AnĀ improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests. | ||||
| CVE-2022-30105 | 1 Belkin | 2 N300, N300 Firmware | 2024-11-21 | 9.8 Critical |
| In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject a an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root. | ||||
| CVE-2022-30079 | 1 Netgear | 1 R6200 | 2024-11-21 | 8.8 High |
| Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter. | ||||
| CVE-2022-30078 | 1 Netgear | 4 R6200, R6200 Firmware, R6300 and 1 more | 2024-11-21 | 8.8 High |
| NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters. | ||||
| CVE-2022-30023 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2024-11-21 | 8.8 High |
| Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. | ||||
| CVE-2022-2550 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 8.8 High |
| OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. | ||||
| CVE-2022-2314 | 1 Vr Calendar Project | 1 Vr Calendar | 2024-11-21 | 9.8 Critical |
| The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site. | ||||
| CVE-2022-2185 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.9 Critical |
| A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution. | ||||
| CVE-2022-29937 | 1 Usu | 1 Oracle Optimization | 2024-11-21 | 8.8 High |
| USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. | ||||
| CVE-2022-29592 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2024-11-21 | 9.8 Critical |
| Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route). | ||||
| CVE-2022-29539 | 1 Resi | 1 Gemini-net | 2024-11-21 | 9.8 Critical |
| resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user. | ||||
| CVE-2022-29516 | 1 Fujitsu | 92 Ipcom Ex2 Dc 3200, Ipcom Ex2 Dc 3200 Firmware, Ipcom Ex2 Dc 3500 and 89 more | 2024-11-21 | 9.8 Critical |
| The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors. | ||||
| CVE-2022-29337 | 1 Cdatatec | 2 Fd702xw-x-r430, Fd702xw-x-r430 Firmware | 2024-11-21 | 9.8 Critical |
| C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request. | ||||
| CVE-2022-29080 | 1 Npm-dependency-versions Project | 1 Npm-dependency-versions | 2024-11-21 | 9.8 Critical |
| The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value. | ||||
| CVE-2022-29061 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | 7.2 High |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests. | ||||
| CVE-2022-29013 | 1 Razer | 2 Sila, Sila Firmware | 2024-11-21 | 9.8 Critical |
| A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. | ||||
| CVE-2022-28915 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | ||||
| CVE-2022-28913 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. | ||||
| CVE-2022-28912 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. | ||||
| CVE-2022-28911 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. | ||||