Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-03-02 CVE-2022-22301 OS Command Injection vulnerability in Fortinet FortiAP-C
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by running CLI commands with specifically crafted arguments.
local
low complexity
fortinet CWE-78
7.8
2022-03-01 CVE-2021-43075 OS Command Injection vulnerability in Fortinet FortiWLM
An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers.
network
low complexity
fortinet CWE-78
8.8
2022-03-01 CVE-2021-4039 OS Command Injection vulnerability in Zyxel NWA1100-NH Firmware
A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.
network
low complexity
zyxel CWE-78
critical
9.8
2022-03-01 CVE-2020-12775 OS Command Injection vulnerability in Moica Hicos
Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs.
network
low complexity
moica CWE-78
critical
9.8
2022-02-25 CVE-2022-25060 OS Command Injection vulnerability in TP-Link TL-WR840N Firmware 6.20180709
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_startPing.
network
low complexity
tp-link CWE-78
critical
9.8
2022-02-25 CVE-2022-25061 OS Command Injection vulnerability in TP-Link TL-WR840N Firmware 6.20180709
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.
network
low complexity
tp-link CWE-78
critical
9.8
2022-02-25 CVE-2022-25064 OS Command Injection vulnerability in TP-Link TL-WR840N Firmware 6.20180709
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oal_wan6_setIpAddr.
network
low complexity
tp-link CWE-78
critical
9.8
2022-02-25 CVE-2022-25263 OS Command Injection vulnerability in JetBrains TeamCity
JetBrains TeamCity before 2021.2.3 was vulnerable to OS command injection in the Agent Push feature configuration.
network
low complexity
jetbrains CWE-78
critical
9.8
2022-02-25 CVE-2022-25328 OS Command Injection vulnerability in Google Fscrypt
The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances.
local
low complexity
google CWE-78
7.3
2022-02-25 CVE-2022-24288 OS Command Injection vulnerability in Apache Airflow
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
network
low complexity
apache CWE-78
8.8