Lucene search
SnykCVELIST:CVE-2022-21810HistoryJan 25, 2023 - 5:00 a.m.
CVE-2022-21810
2023-01-2505:00:03
snyk
www.cve.org
2
smartctl package
command injection
info method
input sanitization
CVSS3
7.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
EPSS
0.001
Percentile
28.6%
All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.
CNA Affected
[
{
"product": "smartctl",
"versions": [
{
"version": "0",
"lessThan": "*",
"status": "affected",
"versionType": "semver"
}
],
"vendor": "n/a"
}
]Related
osv
osv
Command injection in smartctl
2023-01-26 21:30:27
prion
prion
Command injection
2023-01-26 21:15:00
cve
cve
CVE-2022-21810
2023-01-26 21:15:28
github
github
Command injection in smartctl
2023-01-26 21:30:27
nvd
nvd
CVE-2022-21810
2023-01-26 21:15:28
CVSS3
7.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
EPSS
0.001
Percentile
28.6%
Related for CVELIST:CVE-2022-21810