Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-04-27 CVE-2021-46422 OS Command Injection vulnerability in Telesquare Sdt-Cs3B1 Firmware 1.1.0
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
network
low complexity
telesquare CWE-78
critical
9.8
2022-04-27 CVE-2021-46441 OS Command Injection vulnerability in Dlink Dir-825 Firmware
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization.
network
low complexity
dlink CWE-78
8.8
2022-04-22 CVE-2022-1440 OS Command Injection vulnerability in Git-Interface Project Git-Interface
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2.
network
low complexity
git-interface-project CWE-78
critical
9.8
2022-04-15 CVE-2022-20693 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.
network
low complexity
cisco CWE-78
7.2
2022-04-15 CVE-2022-20718 OS Command Injection vulnerability in Cisco IOS XE
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-78
7.2
2022-04-15 CVE-2022-27188 OS Command Injection vulnerability in Yokogawa B/M9000 VP and Centum VP
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder.
local
low complexity
yokogawa CWE-78
7.8
2022-04-12 CVE-2022-29080 OS Command Injection vulnerability in Npm-Dependency-Versions Project Npm-Dependency-Versions
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.
network
low complexity
npm-dependency-versions-project CWE-78
critical
9.8
2022-04-11 CVE-2022-0999 OS Command Injection vulnerability in Myscada Mypro
An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.
network
low complexity
myscada CWE-78
8.8
2022-04-11 CVE-2022-1262 OS Command Injection vulnerability in Dlink products
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.
local
low complexity
dlink CWE-78
7.8
2022-04-11 CVE-2022-26413 OS Command Injection vulnerability in Zyxel products
A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.
low complexity
zyxel CWE-78
8.0