Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47210 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-08-08 | N/A | 7.8 HIGH |
| The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. | |||||
| CVE-2022-47208 | 1 Netgear | 12 Nighthawk Ax11000, Nighthawk Ax11000 Firmware, Nighthawk Ax1800 and 9 more | 2023-08-08 | N/A | 8.8 HIGH |
| The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. | |||||
| CVE-2022-25626 | 1 Broadcom | 1 Symantec Identity Governance And Administration | 2023-08-08 | N/A | 5.3 MEDIUM |
| An unauthenticated user can access Identity Manager’s management console specific page URLs. However, the system doesn’t allow the user to carry out server side tasks without a valid web session. | |||||
| CVE-2022-20572 | 1 Google | 1 Android | 2023-08-08 | N/A | 6.7 MEDIUM |
| In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel | |||||
| CVE-2022-20547 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In multiple functions of AdapterService.java, there is a possible way to manipulate Bluetooth state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240301753 | |||||
| CVE-2022-20511 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235821829 | |||||
| CVE-2022-20507 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In onMulticastListUpdateNotificationReceived of UwbEventManager.java, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246649179 | |||||
| CVE-2022-46634 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiWpsCfg function. | |||||
| CVE-2022-46631 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wscDisabled parameter in the setting/setWiFiSignalCfg function. | |||||
| CVE-2022-42849 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2023-08-08 | N/A | 7.8 HIGH |
| An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2, tvOS 16.2, watchOS 9.2. A user may be able to elevate privileges. | |||||
| CVE-2022-24377 | 1 Cycle-import-check Project | 1 Cycle-import-check | 2023-08-08 | N/A | 9.8 CRITICAL |
| The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization. | |||||
| CVE-2022-38628 | 1 Niceforyou | 2 Linear Emerge E3 Access Control, Linear Emerge E3 Access Control Firmware | 2023-08-08 | N/A | 6.1 MEDIUM |
| Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors. | |||||
| CVE-2022-44710 | 1 Microsoft | 1 Windows 11 | 2023-08-08 | N/A | 7.8 HIGH |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2022-44699 | 1 Microsoft | 1 Azure Network Watcher Agent | 2023-08-08 | N/A | 5.5 MEDIUM |
| Azure Network Watcher Agent Security Feature Bypass Vulnerability | |||||
| CVE-2022-31696 | 1 Vmware | 2 Cloud Foundation, Esxi | 2023-08-08 | N/A | 8.8 HIGH |
| VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox. | |||||
| CVE-2022-25698 | 1 Qualcomm | 32 Sd429, Sd429 Firmware, Sd 8 Gen1 5g Firmware and 29 more | 2023-08-08 | N/A | 7.8 HIGH |
| Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-25697 | 1 Qualcomm | 32 Sd429, Sd429 Firmware, Sd 8 Gen1 5g Firmware and 29 more | 2023-08-08 | N/A | 7.8 HIGH |
| Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-25685 | 1 Qualcomm | 250 Apq8009, Apq8009 Firmware, Apq8017 and 247 more | 2023-08-08 | N/A | 7.5 HIGH |
| Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-20500 | 1 Google | 1 Android | 2023-08-08 | N/A | 5.5 MEDIUM |
| In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168 | |||||
| CVE-2022-20491 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556 | |||||
| CVE-2022-20488 | 1 Google | 1 Android | 2023-08-08 | N/A | 7.8 HIGH |
| In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217 | |||||
| CVE-2022-20240 | 1 Google | 1 Android | 2023-08-08 | N/A | 2.3 LOW |
| In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-231496105 | |||||
| CVE-2022-45996 | 1 Tenda | 2 W15e, W20e Firmware | 2023-08-08 | N/A | 7.2 HIGH |
| Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output. | |||||
| CVE-2022-45977 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function. | |||||
| CVE-2022-45043 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2023-08-08 | N/A | 8.8 HIGH |
| Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set. | |||||
| CVE-2022-37912 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2023-08-08 | N/A | 8.8 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2022-37905 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2023-08-08 | N/A | 8.8 HIGH |
| Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system. | |||||
| CVE-2022-37904 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2023-08-08 | N/A | 8.8 HIGH |
| Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system. | |||||
| CVE-2022-37902 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2023-08-08 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2022-37901 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2023-08-08 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2022-37900 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2023-08-08 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2022-37899 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2023-08-08 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2022-37898 | 1 Arubanetworks | 12 7005, 7008, 7010 and 9 more | 2023-08-08 | N/A | 7.2 HIGH |
| Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
| CVE-2022-37897 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2023-08-08 | N/A | 9.8 CRITICAL |
| There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | |||||
| CVE-2021-3942 | 1 Hp | 5400 Color Laserjet Cm4540 Mfp Cc419a, Color Laserjet Cm4540 Mfp Cc419a Firmware, Color Laserjet Cm4540 Mfp Cc420a and 5397 more | 2023-08-08 | N/A | 9.8 CRITICAL |
| Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR. | |||||
| CVE-2022-20691 | 1 Cisco | 6 Ata 190, Ata 190 Firmware, Ata 191 and 3 more | 2023-08-08 | N/A | 6.5 MEDIUM |
| A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart. Cisco has released firmware updates that address this vulnerability. | |||||
| CVE-2022-45506 | 1 Tenda | 2 W30e, W30e Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName. | |||||
| CVE-2022-45497 | 1 Tenda | 2 W6-s, W6-s Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand. | |||||
| CVE-2022-46770 | 1 Linuxfoundation | 1 Mirage Firewall | 2023-08-08 | N/A | 7.5 HIGH |
| qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255). | |||||
| CVE-2022-45550 | 1 Ayacms Project | 1 Ayacms | 2023-08-08 | N/A | 9.8 CRITICAL |
| AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE). | |||||
| CVE-2022-45918 | 1 Ilias | 1 Ilias | 2023-08-08 | N/A | 6.5 MEDIUM |
| ILIAS before 7.16 allows External Control of File Name or Path. | |||||
| CVE-2022-33876 | 1 Fortinet | 1 Fortiadc | 2023-08-08 | N/A | 6.5 MEDIUM |
| Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. | |||||
| CVE-2022-25912 | 1 Simple-git Project | 1 Simple-git | 2023-08-08 | N/A | 9.8 CRITICAL |
| The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). | |||||
| CVE-2022-27773 | 1 Ivanti | 1 Endpoint Manager | 2023-08-08 | N/A | 9.8 CRITICAL |
| A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | |||||
| CVE-2022-37783 | 1 Craftcms | 1 Craft Cms | 2023-08-08 | N/A | 7.5 HIGH |
| All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework. | |||||
| CVE-2022-32634 | 2 Google, Mediatek | 31 Android, Mt6761, Mt6765 and 28 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In ccci, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138646; Issue ID: ALPS07138646. | |||||
| CVE-2022-32632 | 3 Google, Mediatek, Yoctoproject | 35 Android, Mt6580, Mt6735 and 32 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441630; Issue ID: ALPS07441630. | |||||
| CVE-2022-32631 | 3 Google, Mediatek, Yoctoproject | 34 Android, Mt6580, Mt6739 and 31 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453613; Issue ID: ALPS07453613. | |||||
| CVE-2022-32630 | 2 Google, Mediatek | 6 Android, Mt6789, Mt6855 and 3 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966. | |||||
| CVE-2022-32624 | 2 Google, Mediatek | 8 Android, Mt6789, Mt6855 and 5 more | 2023-08-08 | N/A | 6.7 MEDIUM |
| In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405923; Issue ID: ALPS07405923. | |||||