Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-24 | CVE-2022-26289 | OS Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/exeCommand. | 9.8 |
| 2022-03-24 | CVE-2022-26290 | OS Command Injection vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command injection vulnerability via the component /goform/WriteFacMac. | 9.8 |
| 2022-03-23 | CVE-2021-27476 | OS Command Injection vulnerability in Rockwellautomation Factorytalk Assetcentre 10.00 A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. | 9.8 |
| 2022-03-23 | CVE-2022-1030 | OS Command Injection vulnerability in Okta Advanced Server Access Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. | 8.8 |
| 2022-03-23 | CVE-2022-22951 | OS Command Injection vulnerability in VMWare Carbon Black APP Control VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. | 9.1 |
| 2022-03-21 | CVE-2022-24237 | OS Command Injection vulnerability in Snapt Aria 12.8 The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. | 8.8 |
| 2022-03-21 | CVE-2021-36100 | OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm Specially crafted string in OTRS system configuration can allow the execution of any system command. | 8.8 |
| 2022-03-18 | CVE-2022-26265 | OS Command Injection vulnerability in Contao 1.5.0 Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. | 9.8 |
| 2022-03-18 | CVE-2022-25438 | OS Command Injection vulnerability in Tenda AC9 Firmware 15.03.2.21 Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. | 9.8 |
| 2022-03-18 | CVE-2022-25441 | OS Command Injection vulnerability in Tenda AC9 Firmware 15.03.2.21 Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. | 9.8 |