Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-02-11 CVE-2022-45104 OS Command Injection vulnerability in Dell products
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability.
network
low complexity
dell CWE-78
8.8
2023-02-10 CVE-2023-24816 OS Command Injection vulnerability in Ipython
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language.
local
high complexity
ipython CWE-78
7.0
2023-02-10 CVE-2022-46649 OS Command Injection vulnerability in Sierrawireless Aleos
Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device.
network
low complexity
sierrawireless CWE-78
8.8
2023-02-10 CVE-2022-45699 OS Command Injection vulnerability in Apsystems Ecu-R Firmware 5203
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.
network
low complexity
apsystems CWE-78
critical
9.8
2023-02-07 CVE-2022-45768 OS Command Injection vulnerability in Edimax Br-6428Ns Firmware 1.20
Command Injection vulnerability in Edimax Technology Co., Ltd.
network
low complexity
edimax CWE-78
8.8
2023-02-07 CVE-2022-38547 OS Command Injection vulnerability in Zyxel products
A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands.
network
low complexity
zyxel CWE-78
7.2
2023-02-02 CVE-2022-46552 OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A53Dbr
D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter.
network
low complexity
dlink CWE-78
8.8
2023-02-01 CVE-2023-23076 OS Command Injection vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.
network
low complexity
zohocorp CWE-78
critical
9.8
2023-02-01 CVE-2023-23692 OS Command Injection vulnerability in Dell EMC Data Domain OS
Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability.
network
low complexity
dell CWE-78
8.8
2023-02-01 CVE-2022-25906 OS Command Injection vulnerability in Is-Http2 Project Is-Http2
All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function.
local
low complexity
is-http2-project CWE-78
7.8