ReportizFlow
Filtered by vendor
Subscriptions
Total
2189 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27806 | 1 F5 | 4 Big-ip Access Policy Manager, Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager and 1 more | 2024-11-21 | 8.7 High |
| On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-27588 | 1 Qnap | 1 Qvr | 2024-11-21 | 9.8 Critical |
| We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later | ||||
| CVE-2022-27083 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic. | ||||
| CVE-2022-27082 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetInternetLanInfo. | ||||
| CVE-2022-27081 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/SetLanInfo. | ||||
| CVE-2022-27080 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setWorkmode. | ||||
| CVE-2022-27079 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setPicListItem. | ||||
| CVE-2022-27078 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setAdInfoDetail. | ||||
| CVE-2022-27077 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadWeiXinPic. | ||||
| CVE-2022-27076 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/delAd. | ||||
| CVE-2022-27002 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 9.8 Critical |
| Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddnsăddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-27001 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 9.8 Critical |
| Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-27000 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 9.8 Critical |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26999 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 9.8 Critical |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26998 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 9.8 Critical |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26997 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 9.8 Critical |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26996 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 9.8 Critical |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26995 | 1 Commscope | 2 Arris Tr3300, Arris Tr3300 Firmware | 2024-11-21 | 9.8 Critical |
| Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2022-26945 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-11-21 | 9.8 Critical |
| go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0. | ||||
| CVE-2022-26536 | 1 Tenda | 2 M3, M3 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/setFixTools. | ||||