Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-27 | CVE-2021-46422 | OS Command Injection vulnerability in Telesquare Sdt-Cs3B1 Firmware 1.1.0 Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. | 9.8 |
| 2022-04-27 | CVE-2021-46441 | OS Command Injection vulnerability in Dlink Dir-825 Firmware In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | 8.8 |
| 2022-04-22 | CVE-2022-1440 | OS Command Injection vulnerability in Git-Interface Project Git-Interface Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. | 9.8 |
| 2022-04-15 | CVE-2022-20693 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. | 7.2 |
| 2022-04-15 | CVE-2022-20718 | OS Command Injection vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
| 2022-04-15 | CVE-2022-27188 | OS Command Injection vulnerability in Yokogawa B/M9000 VP and Centum VP OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. | 7.8 |
| 2022-04-12 | CVE-2022-29080 | OS Command Injection vulnerability in Npm-Dependency-Versions Project Npm-Dependency-Versions The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value. | 9.8 |
| 2022-04-11 | CVE-2022-0999 | OS Command Injection vulnerability in Myscada Mypro An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | 8.8 |
| 2022-04-11 | CVE-2022-1262 | OS Command Injection vulnerability in Dlink products A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. | 7.8 |
| 2022-04-11 | CVE-2022-26413 | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. | 8.0 |