ROS-20221007-01

The cURL command line utility vulnerability is related to how cookies with control codes byte values less than 32 are processed. codes byte values less than 32. Exploitation of the vulnerability could allow an attacker acting remotely to send a cookie containing such control codes to a remote use...

AZL-10919 CVE-2022-36069 affecting package poetry 1.0.10-2

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...

mangadex-downloader 输入验证错误漏洞

mangadex-downloader is a command line tool for downloading comics from MangaDex by the individual developer Rahman Yusuf. An input validation error vulnerability exists in versions of mangadex-downloader prior to 1.7.2, which stems from an attempt to open and read a file on local disk for each li...

CVE-2022-29058

FortiAP family (FortiAP, FortiAP-S, FortiAP-W2, FortiAP-U) versions 5.4.0–6.2.3, 6.0.0–6.4.7, 7.0.0–7.0.3, and 7.2.0 are affected by an OS command injection due to improper neutralization of special elements (CWE-89) in the CLI. An authenticated attacker could execute unauthorized commands via cr...

CVE-2022-29058

An improper neutralization of special elements CWE-89 used in an OS command vulnerability CWE-78 in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4....

CVE-2022-29058

An improper neutralization of special elements CWE-89 used in an OS command vulnerability CWE-78 in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4....

FortiAP & FortiAP-S & FortiAP-W2 & FortiAP-U - Command injection in CLI

An improper neutralization of special elements CWE-89 used in an OS command vulnerability CWE-78 in the command line interpreter of FortiAP, FortiAP-S, FortiAP-W2 and FortiAP-U may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing...

CVE-2022-31309

A vulnerability in livecheck.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function...

CVE-2022-31845

A vulnerability in livecheck.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function...

GHSA-RJ88-4777-828H Command injection in docker-tester

OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file...

CVE-2022-1361 Cambium Networks cnMaestro SQL Injection

The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices...

CVE-2021-26116

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

Command injection

Multiple OS command injection CWE-78 vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and belo...

Command injection

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

CVE-2021-26116

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...

CVE-2022-22301

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments...

CVE-2022-22301

Summary (CVE-2022-22301) : FortiAP-C consoles suffer from an OS command injection due to improper neutralization of special elements in CLI arguments. Affected versions range from 5.4.0 to 5.4.3 and 5.2.0 to 5.2.1. The issue can allow an authenticated attacker to execute arbitrary commands with C...

CVE-2022-22301

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments...

CVE-2021-38955

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825...

CVE-2021-40409

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. Th...