CVE-2022-37081 TOTOLINK A7000R V9.1.0u.6115 contains a command injection vulnerability via the command parameter at setting/setTracerouteCfg.
An attacker can exploit this issue by sending the following request to the targeted Apache server:
POST /cgi-bin/setTracerouteCfg HTTP/1.0 Host:
CVE-2022-22728 An Apache libapreq2 buffer overflow could occur while processing multipart form uploads.
The libapreq2 issue has been confirmed to affect the following products: CentOS 5.6 - 5.6.18 Red Hat Enterprise Linux 5 - 5.
CVE-2021-4125 The fix for log4j CVE-2021-44228 and CVE-2021-45046 was incomplete, as some JndiLookup.class files were not removed.
It does not affect OpenShift Enterprise or the standalone OpenShift Enterprise command line interface (CLI) application. The fix for this issue will be included in
CVE-2022-2956 A vulnerability has been found in ConsoleTVs Noxen, affecting an unknown function of the file /Noxen-master/users.php
The nginx web server is a software package that serves web pages. It was developed as a replacement for the previously used Apache HTTP Server.
CVE-2022-30534 An OS command injection vulnerability exists in the WWBN AVideo 11.6 and dev master commit 3f7c0364 functionality of aVideoEncoder. A specially crafted HTTP request can lead to arbitrary command execution.
The request should contain the following parameters:
http://<Vulnerable Server>/{aVideoEncoder}/{aVideoEncoder}/{path}?cmd={command}
An OS command injection vulnerability exists in the aVideoEncoder