# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2023-22884 |
77 |
|
Sql |
2023-01-21 |
2023-01-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. |
2 |
CVE-2023-22671 |
77 |
|
|
2023-01-06 |
2023-01-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input. |
3 |
CVE-2023-22496 |
77 |
|
Exec Code |
2023-01-14 |
2023-01-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function `health_alarm_execute` is called. This function performs different checks and then enqueues a command by calling `spawn_enq_cmd`. This command is populated with several arguments that are not sanitized. One of them is the `registry_hostname` of the node for which the alert is raised. By providing a specially crafted `registry_hostname` as part of the health data that is streamed to a Netdata (parent) agent, an attacker can execute arbitrary commands at the remote host as a side-effect of the raised alert. Note that the commands are executed as the user running the Netdata Agent. This user is usually named `netdata`. The ability to run arbitrary commands may allow an attacker to escalate privileges by escalating other vulnerabilities in the system, as that user. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, streaming is not enabled by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability. |
4 |
CVE-2023-0315 |
77 |
|
|
2023-01-16 |
2023-01-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8. |
5 |
CVE-2023-0039 |
77 |
|
Exec Code Bypass |
2023-01-03 |
2023-01-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitrary PHP functions and perform actions like adding new files that can be webshells and updating the site's options to allow anyone to register as an administrator. |
6 |
CVE-2022-48126 |
77 |
|
|
2023-01-20 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. |
7 |
CVE-2022-48125 |
77 |
|
|
2023-01-20 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. |
8 |
CVE-2022-48124 |
77 |
|
|
2023-01-20 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. |
9 |
CVE-2022-48123 |
77 |
|
|
2023-01-20 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. |
10 |
CVE-2022-48122 |
77 |
|
|
2023-01-20 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. |
11 |
CVE-2022-48121 |
77 |
|
|
2023-01-20 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. |
12 |
CVE-2022-47853 |
77 |
|
|
2023-01-17 |
2023-01-25 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. |
13 |
CVE-2022-47210 |
77 |
|
Exec Code |
2022-12-16 |
2022-12-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. |
14 |
CVE-2022-46642 |
77 |
|
|
2022-12-23 |
2022-12-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the auto_upgrade_hour parameter in the SetAutoUpgradeInfo function. |
15 |
CVE-2022-46641 |
77 |
|
|
2022-12-23 |
2022-12-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
D-Link DIR-846 A1_FW100A43 was discovered to contain a command injection vulnerability via the lan(0)_dhcps_staticlist parameter in the SetIpMacBindSettings function. |
16 |
CVE-2022-46634 |
77 |
|
|
2022-12-15 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. |
17 |
CVE-2022-46631 |
77 |
|
|
2022-12-15 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. |
18 |
CVE-2022-46538 |
77 |
|
|
2022-12-20 |
2022-12-24 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. |
19 |
CVE-2022-46476 |
77 |
|
|
2023-01-19 |
2023-01-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. |
20 |
CVE-2022-46421 |
77 |
|
|
2022-12-20 |
2022-12-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 5.0.0. |
21 |
CVE-2022-46404 |
77 |
|
|
2022-12-13 |
2022-12-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system. |
22 |
CVE-2022-46333 |
77 |
|
Exec Code |
2022-12-06 |
2022-12-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. |
23 |
CVE-2022-46169 |
77 |
|
Exec Code Bypass |
2022-12-05 |
2022-12-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: <TARGETIP>`. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database. If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with an `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a productive instance because this action is added by some predefined templates like `Device - Uptime` or `Device - Polling Time`. This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_...` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch. |
24 |
CVE-2022-45996 |
77 |
|
|
2022-12-12 |
2022-12-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output. |
25 |
CVE-2022-45977 |
77 |
|
|
2022-12-12 |
2022-12-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function. |
26 |
CVE-2022-45907 |
77 |
|
Exec Code |
2022-11-26 |
2022-11-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. |
27 |
CVE-2022-45796 |
77 |
|
Exec Code |
2022-12-16 |
2022-12-27 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors. |
28 |
CVE-2022-45717 |
77 |
|
|
2022-12-23 |
2023-01-04 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request. |
29 |
CVE-2022-45506 |
77 |
|
|
2022-12-08 |
2022-12-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. |
30 |
CVE-2022-45497 |
77 |
|
|
2022-12-08 |
2022-12-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand. |
31 |
CVE-2022-45462 |
77 |
|
|
2022-11-23 |
2022-11-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher |
32 |
CVE-2022-45094 |
77 |
|
Exec Code |
2023-01-10 |
2023-01-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the affected component. |
33 |
CVE-2022-45063 |
77 |
|
Exec Code |
2022-11-10 |
2022-12-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. |
34 |
CVE-2022-45043 |
77 |
|
|
2022-12-12 |
2022-12-14 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. |
35 |
CVE-2022-45025 |
77 |
|
|
2022-12-07 |
2022-12-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function. |
36 |
CVE-2022-45005 |
77 |
|
|
2022-12-13 |
2022-12-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function. |
37 |
CVE-2022-44930 |
77 |
|
|
2022-12-02 |
2022-12-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. |
38 |
CVE-2022-44928 |
77 |
|
|
2022-12-02 |
2022-12-05 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function. |
39 |
CVE-2022-44844 |
77 |
|
|
2022-11-25 |
2022-12-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. |
40 |
CVE-2022-44843 |
77 |
|
|
2022-11-25 |
2022-12-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function. |
41 |
CVE-2022-44832 |
77 |
|
|
2022-12-14 |
2022-12-16 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function. |
42 |
CVE-2022-44621 |
77 |
|
|
2022-12-30 |
2023-01-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request. |
43 |
CVE-2022-44252 |
77 |
|
|
2022-11-23 |
2022-11-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. |
44 |
CVE-2022-44251 |
77 |
|
|
2022-11-23 |
2022-11-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. |
45 |
CVE-2022-44250 |
77 |
|
|
2022-11-23 |
2022-11-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. |
46 |
CVE-2022-44249 |
77 |
|
|
2022-11-23 |
2022-11-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. |
47 |
CVE-2022-43781 |
77 |
|
Exec Code |
2022-11-17 |
2022-11-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”. |
48 |
CVE-2022-43695 |
77 |
|
XSS |
2022-11-14 |
2022-11-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Stored Cross-Site Scripting (XSS) in dashboard/system/express/entities/associations because Concrete CMS allows association with an entity name that doesn’t exist or, if it does exist, contains XSS since it was not properly sanitized. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+. |
49 |
CVE-2022-43538 |
77 |
|
Exec Code |
2023-01-05 |
2023-01-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. |
50 |
CVE-2022-43537 |
77 |
|
Exec Code |
2023-01-05 |
2023-01-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. |