Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-30 | CVE-2022-46597 | OS Command Injection vulnerability in Trendnet Tew-755Ap Firmware 1.13B01 TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. | 9.8 |
| 2022-12-30 | CVE-2022-46598 | OS Command Injection vulnerability in Trendnet Tew-755Ap Firmware 1.13B01 TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function. | 9.8 |
| 2022-12-25 | CVE-2022-40005 | OS Command Injection vulnerability in Intelbras Wifiber 120Ac Inmesh Firmware 1.1220216 Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute. | 8.8 |
| 2022-12-23 | CVE-2022-45709 | OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33 IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. | 9.8 |
| 2022-12-23 | CVE-2022-45711 | OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33 IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function. | 9.8 |
| 2022-12-23 | CVE-2022-45717 | OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33 IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | 9.8 |
| 2022-12-23 | CVE-2022-44567 | OS Command Injection vulnerability in Rocket.Chat A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). | 9.8 |
| 2022-12-23 | CVE-2021-32692 | OS Command Injection vulnerability in Activitywatch Activity Watch is a free and open-source automated time tracker. | 9.6 |
| 2022-12-21 | CVE-2022-24431 | OS Command Injection vulnerability in Abacus-Ext-Cmdline Project Abacus-Ext-Cmdline All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization. | 9.8 |
| 2022-12-20 | CVE-2022-40624 | OS Command Injection vulnerability in Pfsense Pfblockerng pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814. | 9.8 |