Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-22 | CVE-2022-44808 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B03 A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. | 9.8 |
| 2022-11-22 | CVE-2022-40954 | OS Command Injection vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. | 5.5 |
| 2022-11-17 | CVE-2022-45461 | OS Command Injection vulnerability in Veritas Netbackup The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. | 8.8 |
| 2022-11-15 | CVE-2022-20925 | OS Command Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. | 7.2 |
| 2022-11-15 | CVE-2022-20926 | OS Command Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. | 8.8 |
| 2022-11-15 | CVE-2022-20934 | OS Command Injection vulnerability in Cisco Firepower Threat Defense A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. | 6.7 |
| 2022-11-15 | CVE-2022-41395 | OS Command Injection vulnerability in Tenda W15E Firmware 15.11.0.10(1576) Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. | 7.8 |
| 2022-11-15 | CVE-2022-41396 | OS Command Injection vulnerability in Tenda W15E Firmware 15.11.0.10(1576) Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain multiple command injection vulnerabilities in the function setIPsecTunnelList via the IPsecLocalNet and IPsecRemoteNet parameters. | 7.8 |
| 2022-11-15 | CVE-2022-42053 | OS Command Injection vulnerability in Tenda W15E Firmware 15.11.0.10(1576) Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. | 7.8 |
| 2022-11-15 | CVE-2022-40847 | OS Command Injection vulnerability in Tenda W15E Firmware 15.11.0.10(1576) In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a command injection vulnerability in the function formSetFixTools. | 7.8 |