Search Results (21031 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28663 1 Siemens 1 Simcenter Femap 2024-11-21 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592)
CVE-2022-28662 1 Siemens 1 Simcenter Femap 2024-11-21 6.5 Medium
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15307)
CVE-2022-28584 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28583 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28582 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28581 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28580 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28579 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28578 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28577 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload.
CVE-2022-28575 1 Totolink 2 A7100ru, A7100ru Firmware 2024-11-21 9.8 Critical
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload
CVE-2022-28573 1 Dlink 2 Dir-823 Pro, Dir-823 Pro Firmware 2024-11-21 9.8 Critical
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter.
CVE-2022-28572 1 Tenda 4 Ax1803, Ax1803 Firmware, Ax1806 and 1 more 2024-11-21 8.8 High
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function
CVE-2022-28571 1 Dlink 2 Dir-882, Dir-882 Firmware 2024-11-21 9.8 Critical
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli.
CVE-2022-28561 1 Tenda 2 Ax12, Ax12 Firmware 2024-11-21 9.8 Critical
There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
CVE-2022-28560 1 Tenda 2 Ac9, Ac9 Firmware 2024-11-21 9.8 Critical
There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload
CVE-2022-28557 1 Tenda 2 Ac15, Ac15 Firmware 2024-11-21 9.8 Critical
There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution
CVE-2022-28556 1 Tenda 2 Ac15, Ac15 Firmware 2024-11-21 7.5 High
Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971
CVE-2022-28506 2 Fedoraproject, Giflib Project 2 Fedora, Giflib 2024-11-21 5.5 Medium
There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.
CVE-2022-28381 1 Allmediaserver 1 Allmediaserver 2024-11-21 9.8 Critical
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.