Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-16 | CVE-2022-30303 | OS Command Injection vulnerability in Fortinet Fortiweb An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests. | 8.8 |
2023-02-16 | CVE-2022-33869 | OS Command Injection vulnerability in Fortinet Fortiwan An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 8.8 |
2023-02-16 | CVE-2023-23779 | OS Command Injection vulnerability in Fortinet Fortiweb Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. | 8.8 |
2023-02-16 | CVE-2023-0861 | OS Command Injection vulnerability in Netmodule Router Software NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. | 8.8 |
2023-02-14 | CVE-2023-0830 | OS Command Injection vulnerability in Easynas 1.1.0 A vulnerability classified as critical has been found in EasyNAS 1.1.0. | 8.8 |
2023-02-12 | CVE-2023-20076 | OS Command Injection vulnerability in Cisco products A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. | 8.8 |
2023-02-11 | CVE-2022-34447 | OS Command Injection vulnerability in Dell Powerpath Management Appliance PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. | 7.2 |
2023-02-11 | CVE-2022-45104 | OS Command Injection vulnerability in Dell products Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. | 8.8 |
2023-02-10 | CVE-2023-24816 | OS Command Injection vulnerability in Ipython IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. | 7.0 |
2023-02-10 | CVE-2022-46649 | OS Command Injection vulnerability in Sierrawireless Aleos Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. | 8.8 |