CWE:
 

Topic
Date
Author
Med.
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
13.07.2018
Core Security Technolo...


CVEMAP Search Results

CVE
Details
Description
2022-05-18
High
CVE-2022-29639

 

 
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config.

 
2022-05-17
High
CVE-2022-23673

Vendor: Arubanetworks
Software: Clearpass po...
 

 
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

 
High
CVE-2022-23672

Vendor: Arubanetworks
Software: Clearpass po...
 

 
An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.

 
2022-05-16
Medium
CVE-2021-42897

Vendor: Feminer wms project
Software: Feminer wms
 

 
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec.

 
2022-05-12
High
CVE-2022-29303

 

 
SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.

 
2022-05-11
Medium
CVE-2022-1510

Vendor: Gitlab
Software: Gitlab
 

 
An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.

 
Low
CVE-2022-1428

Vendor: Gitlab
Software: Gitlab
 

 
An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being enforced.

 
2022-05-10
High
CVE-2022-28915

 

 
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.

 
High
CVE-2022-28913

 

 
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.

 
High
CVE-2022-28912

 

 
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.

 

 


Copyright 2022, cxsecurity.com

 
