Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-12-25 | CVE-2022-40005 | OS Command Injection vulnerability in Intelbras Wifiber 120Ac Inmesh Firmware 1.1220216 | Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute. | 8.8 |
2022-12-23 | CVE-2022-45709 | OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33 | IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. | 9.8 |
2022-12-23 | CVE-2022-45711 | OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function. | 9.8 |
2022-12-23 | CVE-2022-45717 | OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33 | IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | 9.8 |
2022-12-23 | CVE-2022-44567 | OS Command Injection vulnerability in Rocket.Chat | A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). | 9.8 |
2022-12-23 | CVE-2021-32692 | OS Command Injection vulnerability in Activitywatch | Activity Watch is a free and open-source automated time tracker. | 9.6 |
2022-12-21 | CVE-2022-24431 | OS Command Injection vulnerability in Abacus-Ext-Cmdline Project Abacus-Ext-Cmdline | All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization. | 9.8 |
2022-12-20 | CVE-2022-40624 | OS Command Injection vulnerability in Pfsense Pfblockerng | pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814. | 9.8 |
2022-12-20 | CVE-2022-46538 | OS Command Injection vulnerability in Tenda F1203 Firmware 2.0.1.6 | Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. | 9.8 |
2022-12-20 | CVE-2022-45942 | OS Command Injection vulnerability in Baijiacms Project Baijiacms 4.0/4.1.4/41420170105 | A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. | 8.8 |