Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2022-42490 | OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020 Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. | 9.8 |
| 2023-01-26 | CVE-2022-42491 | OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020 Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. | 9.8 |
| 2023-01-26 | CVE-2022-42492 | OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020 Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. | 9.8 |
| 2023-01-26 | CVE-2022-42493 | OS Command Injection vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020 Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. | 9.8 |
| 2023-01-26 | CVE-2023-24422 | OS Command Injection vulnerability in Jenkins Script Security A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | 8.8 |
| 2023-01-26 | CVE-2022-29843 | OS Command Injection vulnerability in Westerndigital products A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user. | 9.8 |
| 2023-01-26 | CVE-2022-40719 | OS Command Injection vulnerability in Dlink Dir-2150 Firmware This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. | 8.8 |
| 2023-01-26 | CVE-2022-40720 | OS Command Injection vulnerability in Dlink Dir-2150 Firmware This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. | 8.8 |
| 2023-01-24 | CVE-2022-45639 | OS Command Injection vulnerability in Sleuthkit the Sleuth KIT 4.11.1 OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. | 7.8 |
| 2023-01-23 | CVE-2022-37718 | OS Command Injection vulnerability in Edgenexus Application Delivery Controller 4.2.8 The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. | 8.8 |