Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-11-30 CVE-2021-4242 OS Command Injection vulnerability in Sapido products
A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical.
network
low complexity
sapido CWE-78
8.8
2022-11-28 CVE-2022-45939 OS Command Injection vulnerability in GNU Emacs
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program.
local
low complexity
gnu CWE-78
7.8
2022-11-22 CVE-2022-41942 OS Command Injection vulnerability in Sourcegraph
Sourcegraph is a code intelligence platform.
local
low complexity
sourcegraph CWE-78
7.8
2022-11-22 CVE-2022-44201 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
network
low complexity
dlink CWE-78
critical
9.8
2022-11-22 CVE-2022-44808 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B03
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests.
network
low complexity
dlink CWE-78
critical
9.8
2022-11-22 CVE-2022-38649 OS Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files.
local
low complexity
apache CWE-78
7.8
2022-11-22 CVE-2022-40189 OS Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files.
network
low complexity
apache CWE-78
critical
9.8
2022-11-22 CVE-2022-40954 OS Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files.
local
low complexity
apache CWE-78
5.5
2022-11-22 CVE-2022-41131 OS Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files.
local
low complexity
apache CWE-78
7.8
2022-11-17 CVE-2022-45461 OS Command Injection vulnerability in Veritas Netbackup
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.
network
low complexity
veritas CWE-78
8.8