Total
5416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20650 | 1 Cisco | 66 N9k-c9316d-gx, N9k-c9332d-gx2b, N9k-c9348d-gx2a and 63 more | 2024-11-21 | 8.8 High |
| A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default. | ||||
| CVE-2022-20617 | 2 Jenkins, Redhat | 2 Docker Commons, Openshift | 2024-11-21 | 8.8 High |
| Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository. | ||||
| CVE-2022-1986 | 1 Gogs | 1 Gogs | 2024-11-21 | 9.8 Critical |
| OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. | ||||
| CVE-2022-1813 | 1 Rengine Project | 1 Rengine | 2024-11-21 | 9.8 Critical |
| OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. | ||||
| CVE-2022-1703 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2024-11-21 | 8.8 High |
| Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | ||||
| CVE-2022-1513 | 1 Lenovo | 1 Pcmanager | 2024-11-21 | 7.3 High |
| A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. | ||||
| CVE-2022-1440 | 1 Git-interface Project | 1 Git-interface | 2024-11-21 | 9.8 Critical |
| Command Injection vulnerability in git-interface@2.1.1 in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a `--upload-pack` command-line argument feature of git is also supported for `git clone`, which would then allow for any operating system command to be spawned by the attacker. | ||||
| CVE-2022-1410 | 1 Device42 | 1 Cmdb | 2024-11-21 | 8 High |
| OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions. | ||||
| CVE-2022-1262 | 1 Dlink | 20 Dir-1360, Dir-1360 Firmware, Dir-1760 and 17 more | 2024-11-21 | 7.8 High |
| A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. | ||||
| CVE-2022-1030 | 3 Apple, Linux, Okta | 3 Macos, Linux Kernel, Advanced Server Access | 2024-11-21 | 8.8 High |
| Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system. | ||||
| CVE-2022-0848 | 1 Part-db Project | 1 Part-db | 2024-11-21 | 9.8 Critical |
| OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. | ||||
| CVE-2022-0841 | 1 Npm-lockfile Project | 1 Npm-lockfile | 2024-11-21 | 9.8 Critical |
| OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. | ||||
| CVE-2022-0764 | 1 Strapi | 1 Strapi | 2024-11-21 | 6.7 Medium |
| Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | ||||
| CVE-2022-0557 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.2 High |
| OS Command Injection in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2021-4281 | 1 Forthebadge | 1 For The Badge | 2024-11-21 | 4.6 Medium |
| A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this issue is some unknown functionality of the file .github/workflows/combine-prs.yml. The manipulation leads to os command injection. The name of the patch is 55b5a234c0fab935df5fb08365bc8fe9c37cf46b. It is recommended to apply a patch to fix this issue. VDB-216842 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-4144 | 1 Tp-link | 2 Tl-wr802n, Tl-wr802n Firmware | 2024-11-21 | 8.8 High |
| TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | ||||
| CVE-2021-4039 | 1 Zyxel | 2 Nwa1100-nh, Nwa1100-nh Firmware | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device. | ||||
| CVE-2021-4029 | 1 Zyxel | 4 Nbg6816, Nbg6816 Firmware, Nbg6817 and 1 more | 2024-11-21 | 8.8 High |
| A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. | ||||
| CVE-2021-46704 | 1 Genieacs | 1 Genieacs | 2024-11-21 | 9.8 Critical |
| In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check. | ||||
| CVE-2021-46441 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-11-21 | 8.8 High |
| In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | ||||