| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. |
| Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable
to shell escape, which enables local attackers with non-superuser
credentials to gain full, unrestrictive shell access which may allow an
attacker to execute arbitrary code.
|
| An attacker could leverage an API to pass along a malicious file that could then manipulate the process creation command line in MDT AutoSave versions prior to v6.02.06 and run a command line argument. This could then be leveraged to run a malicious process. |
| The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.<br>*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. |
| The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. |
| Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0 |
| During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. |
| On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. |
| Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. |
| An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component. |
| An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. |
| An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. |
| An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. |
| A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability. |
