Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-20 | CVE-2022-46538 | OS Command Injection vulnerability in Tenda F1203 Firmware 2.0.1.6 Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. | 9.8 |
2022-12-20 | CVE-2022-45942 | OS Command Injection vulnerability in Baijiacms Project Baijiacms 4.0/4.1.4/41420170105 A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. | 8.8 |
2022-12-20 | CVE-2022-25171 | OS Command Injection vulnerability in P4 Project P4 The package p4 before 0.0.7 is vulnerable to Command Injection via the run() function due to improper input sanitization. | 9.8 |
2022-12-19 | CVE-2022-43443 | OS Command Injection vulnerability in Buffalo products OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. | 8.8 |
2022-12-19 | CVE-2022-43466 | OS Command Injection vulnerability in Buffalo products OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. | 6.8 |
2022-12-19 | CVE-2022-44456 | OS Command Injection vulnerability in Contec Conprosys HMI System 3.3.0/3.4.3/3.4.4 CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. | 9.8 |
2022-12-16 | CVE-2022-26580 | OS Command Injection vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419 PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. | 6.8 |
2022-12-16 | CVE-2022-26582 | OS Command Injection vulnerability in Paxtechnology Paydroid 7.1.1Virgov04.3.26T120210419 PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. | 7.8 |
2022-12-16 | CVE-2022-47208 | OS Command Injection vulnerability in Netgear products The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. | 8.8 |
2022-12-16 | CVE-2022-47210 | OS Command Injection vulnerability in Netgear Rax30 Firmware The default console presented to users over telnet (when enabled) is restricted to a subset of commands. | 7.8 |