ReportizFlow
Filtered by vendor
Subscriptions
Total
2165 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43550 | 2 Jitsi, Microsoft | 2 Jitsi, Windows | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution. | ||||
| CVE-2022-43367 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2024-11-21 | 9.8 Critical |
| IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the formSetDebugCfg function. | ||||
| CVE-2022-43109 | 1 Dlink | 2 Dir-823g, Dir-823g Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-823G v1.0.2 was found to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via a crafted packet. | ||||
| CVE-2022-42906 | 2 Debian, Powerline Gitstatus Project | 2 Debian Linux, Powerline Gitstatus | 2024-11-21 | 7.8 High |
| powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control. NOTE: this is similar to CVE-2022-20001. | ||||
| CVE-2022-42897 | 1 Arraynetworks | 15 Ag1000, Ag1000t, Ag1000v5 and 12 more | 2024-11-21 | 9.8 Critical |
| Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. | ||||
| CVE-2022-42161 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2024-11-21 | 8.8 High |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the /SetTriggerWPS/PIN parameter at function SetTriggerWPS. | ||||
| CVE-2022-42160 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2024-11-21 | 8.8 High |
| D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings. | ||||
| CVE-2022-42156 | 1 Dlink | 6 Covr 1200, Covr 1200 Firmware, Covr 1202 and 3 more | 2024-11-21 | 8.8 High |
| D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings. | ||||
| CVE-2022-41955 | 1 Autolabproject | 1 Autolab | 2024-11-21 | 8.8 High |
| Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionality, whereby an instructor with access to the feature might be able to execute code on the server hosting Autolab. This vulnerability has been patched in version 2.10.0. As a workaround, disable the MOSS feature if it is unneeded by replacing the body of `run_moss` in `app/controllers/courses_controller.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`. | ||||
| CVE-2022-41870 | 1 Innovaphone | 1 Innovaphone Firmware | 2024-11-21 | 7.2 High |
| AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload. | ||||
| CVE-2022-41800 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 8.7 High |
| In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-41617 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2024-11-21 | 7.2 High |
| In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface. | ||||
| CVE-2022-40881 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2024-11-21 | 9.8 Critical |
| SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php | ||||
| CVE-2022-40770 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2024-11-21 | 7.2 High |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. | ||||
| CVE-2022-40765 | 1 Mitel | 1 Mivoice Connect | 2024-11-21 | 6.8 Medium |
| A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with internal network access to conduct a command-injection attack, due to insufficient restriction of URL parameters. | ||||
| CVE-2022-40752 | 3 Ibm, Linux, Microsoft | 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more | 2024-11-21 | 9.8 Critical |
| IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687. | ||||
| CVE-2022-40746 | 2 Ibm, Microsoft | 2 I Access Client Solutions, Windows | 2024-11-21 | 7.2 High |
| IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581. | ||||
| CVE-2022-40100 | 1 Tenda | 2 I9, I9 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function. | ||||
| CVE-2022-40022 | 1 Microchip | 2 Syncserver S650, Syncserver S650 Firmware | 2024-11-21 | 9.8 Critical |
| Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. | ||||
| CVE-2022-40021 | 1 Qvidium | 2 Amino A140, Amino A140 Firmware | 2024-11-21 | 9.8 Critical |
| QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) was discovered to contain a command injection vulnerability. | ||||