Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-06-21 CVE-2022-26147 OS Command Injection vulnerability in Quectel Rg502Q-Ea Firmware
The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection.
network
low complexity
quectel CWE-78
critical
10.0
2022-06-21 CVE-2022-2068 OS Command Injection vulnerability in multiple products
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.
network
low complexity
openssl debian CWE-78
critical
10.0
2022-06-20 CVE-2022-31794 OS Command Injection vulnerability in Fujitsu Eternus Cs8000 Firmware 8.1
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04.
network
low complexity
fujitsu CWE-78
critical
10.0
2022-06-20 CVE-2022-31795 OS Command Injection vulnerability in Fujitsu Eternus Cs8000 Firmware 8.1
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04.
network
low complexity
fujitsu CWE-78
critical
10.0
2022-06-16 CVE-2022-30329 OS Command Injection vulnerability in Trendnet Tew-831Dr Firmware 1.0601.130.1.1356
An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices.
network
low complexity
trendnet CWE-78
critical
10.0
2022-06-15 CVE-2022-33140 OS Command Injection vulnerability in Apache Nifi and Nifi Registry
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms.
network
apache CWE-78
6.0
2022-06-09 CVE-2019-25065 OS Command Injection vulnerability in Opennetadmin 18.1.1
A vulnerability was found in OpenNetAdmin 18.1.1.
network
low complexity
opennetadmin CWE-78
7.5
2022-06-09 CVE-2019-25066 OS Command Injection vulnerability in Ajenti 2.1.31
A vulnerability has been found in ajenti 2.1.31 and classified as critical.
network
low complexity
ajenti CWE-78
6.5
2022-06-09 CVE-2022-1986 OS Command Injection vulnerability in Gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
network
low complexity
gogs CWE-78
7.5
2022-06-08 CVE-2022-1703 OS Command Injection vulnerability in Sonicwall products
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
network
low complexity
sonicwall CWE-78
critical
9.0