CVE-2022-21173
Hidden functionality vulnerability in ELECOM LAN routers WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier...
CVE-2022-21173
CVE-2022-21173 refers to a hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3/WRH-300WH3/WRH-300BK3-S/WRH-300DR3-S/WRH-300LB3-S/WRH-300PN3-S/WRH-300WH3-S/WRH-300YG3-S) with firmware versions 1.05 and earlier. The issue allows a network-adjacent attacker to execute an arbitrary O...
PT-2022-14902 · Elecom · Elecom Lan Routers
Name of the Vulnerable Software and Affected Versions: ELECOM LAN routers versions 1.05 and earlier Description: The issue allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors. Recommendations: For versions 1.05 and earlier, update the firmware to ...
CVE-2021-43928
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
Command injection
Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors...
CVE-2021-43928
CVE-2021-43928 describes an OS command injection in Synology Mail Station’s mail sending/receiving component. The issue arises from improper neutralization of special elements, enabling remote authenticated users to execute arbitrary commands via unspecified vectors. Affected are Synology Mail St...
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Improper Neutralization of Special Elements Used in an OS Command (CVE-2019-14931)
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's...
OS Command Injection in microweber/microweber
Description: OS command injection, also known as shell injection, is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its data. Very often, an...
CVE-2022-23611 OS command injection in iTunesRPC-Remastered
iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users are advised to upgrade...
Airspan Networks Mimosa
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Airspan Networks Equipment: Mimosa by Airspan product line Vulnerabilities: Improper Authorization, Incorrect Authorization, Server-side Request Forgery, SQL Injection, Deserialization of Untrusted...
CVE-2021-41018
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
Command injection
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2021-41018
CVE-2021-41018 affects Fortinet FortiWeb OS command injection via improper neutralization of special elements in HTTP requests. Affected are FortiWeb versions 6.4.1 and below, and 6.3.15 and below. The vulnerability can allow an attacker to execute unauthorized code or commands through crafted HT...
CVE-2021-43073
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
CVE-2021-43073
CVE-2021-43073 affects Fortinet FortiWeb (APIs: ApplicationDelivery, JsonProtection, WebProtection) with an OS command injection via improper neutralization of special elements in HTTP requests. Affected releases include FortiWeb 6.4.1/6.4.0, 6.3.15 and below, and 6.2.6 and below. Impact: authent...
Fortinet FortiWeb OS Command Injection Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A security vulnerability exists that stems...
CVE-2021-40409
An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 1 or 2, based on DDNS type, the ddns-password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. Th...