Total
2086 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39087 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39081 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39083 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39088 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39084 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39086 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39082 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39085 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 6.7 Medium |
| In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. | ||||
| CVE-2022-39073 | 1 Zte | 2 Mf286r, Mf286r Firmware | 2024-08-03 | 9.8 Critical |
| There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | ||||
| CVE-2022-38156 | 1 Kratosdefense | 2 Spectralnet Narrowband, Spectralnet Narrowband Firmware | 2024-08-03 | 7.2 High |
| A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user. | ||||
| CVE-2022-37704 | 1 Zmanda | 1 Amanda | 2024-08-03 | 6.7 Medium |
| Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. | ||||
| CVE-2022-37425 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2024-08-03 | 9.9 Critical |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. | ||||
| CVE-2022-37125 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-08-03 | 9.8 Critical |
| D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. | ||||
| CVE-2022-36786 | 1 Dlink | 2 Dsl-224, Dsl-224 Firmware | 2024-08-03 | 9.9 Critical |
| DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router. | ||||
| CVE-2022-36769 | 2 Ibm, Redhat | 2 Cloud Pak For Data, Openshift | 2024-08-03 | 7.2 High |
| IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034. | ||||
| CVE-2022-36556 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-08-03 | 9.8 Critical |
| Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01. | ||||
| CVE-2022-36553 | 1 Hytec | 2 Hwl-2511-ss, Hwl-2511-ss Firmware | 2024-08-03 | 9.8 Critical |
| Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. | ||||
| CVE-2022-36559 | 1 Seiko-sol | 2 Skybridge Mb-a200, Skybridge Mb-a200 Firmware | 2024-08-03 | 9.8 Critical |
| Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi. | ||||
| CVE-2022-36554 | 1 Hytec | 2 Hwl-2511-ss, Hwl-2511-ss Firmware | 2024-08-03 | 9.8 Critical |
| A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. | ||||
| CVE-2022-36523 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-08-03 | 9.8 Critical |
| D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | ||||