CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

303 matches found

CNNVD•added 2022/12/12 12:0 a.m.•2 views

Aruba Networks EdgeConnect 安全漏洞

Aruba Networks EdgeConnect is an edge connectivity management platform from Aruba Networks, USA. A security vulnerability exists in Aruba Networks EdgeConnect that originates from allowing an authenticated remote user to run arbitrary commands on the underlying host, which could be exploited by a...

7.2CVSS7.6AI score0.01365EPSS

Exploits0References2

OSV•added 2022/12/01 5:15 a.m.•2 views

CVE-2022-45045

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019. A remote and authenticated...

8.8CVSS6.1AI score0.01239EPSS

Exploits1References1

OSV•added 2022/10/11 11:15 p.m.•4 views

AZL-11115 CVE-2022-42717 affecting package packer for versions less than 1.8.7-1

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...

7.8CVSS6AI score0.00227EPSS

Exploits0References1

OSV•added 2022/09/30 7:15 p.m.•1 views

CVE-2022-20930

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands...

6.7CVSS5.9AI score

Exploits0References1

OSV•added 2022/09/30 7:15 p.m.•4 views

CVE-2022-20855

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the...

6.7CVSS6AI score0.0034EPSS

Exploits0References1

OSV•added 2022/09/30 7:15 p.m.•3 views

CVE-2022-20818

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a...

7.8CVSS6.1AI score0.00593EPSS

Exploits1References1

ATTACKERKB•added 2022/09/28 11:0 p.m.•2 views

CVE-2022-20855

7.9CVSS6.9AI score0.0034EPSS

Exploits0References2

OSV•added 2022/09/20 8:15 p.m.•0 views

CVE-2022-37883

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

7.2CVSS6.1AI score

Exploits0References1

OSV•added 2022/09/05 4:15 p.m.•0 views

CVE-2022-31814

pfSense pfBlockerNG through 2.1.426 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected...

9.8CVSS6AI score0.86446EPSS

Exploits14References6

ATTACKERKB•added 2022/08/08 3:15 p.m.•3 views

CVE-2022-36265

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...

7.2CVSS7.3AI score0.0106EPSS

Exploits1References3

CNNVD•added 2022/08/08 12:0 a.m.•6 views

Airspan AirSpot 5410 安全漏洞

The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in the Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which originates from the ability of an authenticated attacker to achieve full control of the devi...

7.2CVSS7.1AI score0.0106EPSS

Exploits1References4

Positive Technologies•added 2022/08/08 12:0 a.m.•5 views

PT-2022-23283 · Airspan · Airspan Airspot 5410

Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 versions 0.3.4.1-4 and under Description: A hidden system command web page exists in the device, allowing an authenticated user to execute Linux commands with root privileges. This page is not listed in the administration...

7.2CVSS7.2AI score0.0106EPSS

Exploits1References8

OSV•added 2022/07/22 4:15 a.m.•1 views

CVE-2022-20910

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...

7.2CVSS6.2AI score0.00929EPSS

Exploits0References1

OSV•added 2022/07/22 4:15 a.m.•2 views

CVE-2022-20893

7.2CVSS7.5AI score0.00859EPSS

Exploits0References1

OSV•added 2022/07/22 4:15 a.m.•2 views

CVE-2022-20901

7.2CVSS6.2AI score0.00859EPSS

Exploits0References1

CNNVD•added 2022/07/22 12:0 a.m.•3 views

Cisco Small Business 缓冲区错误漏洞

Cisco Small Business is a switch from Cisco USA. The Cisco Small Business router suffers from a buffer error vulnerability that originates from an authenticated, remote attacker utilizing its web-based management interface to insufficiently validate the user field in incoming HTTP packets. An...

7.2CVSS7.8AI score0.00859EPSS

Exploits0References3

CNNVD•added 2022/07/22 12:0 a.m.•6 views

Cisco Small Business 缓冲区错误漏洞

7.2CVSS7.8AI score0.00859EPSS

Exploits0References3

OSV•added 2022/07/21 10:15 p.m.•5 views

CVE-2022-20891

7.2CVSS6.2AI score0.0098EPSS

Exploits0References1

OSV•added 2022/07/21 2:15 p.m.•4 views

CVE-2022-20888