Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2022-20964 OS Command Injection vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interface.
network
low complexity
cisco CWE-78
8.8
2023-01-20 CVE-2023-20007 OS Command Injection vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-78
7.2
2023-01-19 CVE-2022-46476 OS Command Injection vulnerability in Dlink Dir-859 A1 Firmware 1.05
D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function.
network
low complexity
dlink CWE-78
critical
9.8
2023-01-18 CVE-2023-0164 OS Command Injection vulnerability in Orangescrum 2.0.11
OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server.
network
low complexity
orangescrum CWE-78
8.8
2023-01-17 CVE-2022-2251 OS Command Injection vulnerability in Gitlab Runner
Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user.
network
low complexity
gitlab CWE-78
8.0
2023-01-17 CVE-2022-47853 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service.
network
low complexity
totolink CWE-78
critical
9.8
2023-01-17 CVE-2023-22279 OS Command Injection vulnerability in Ate-Mahoroba products
MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS command.
network
low complexity
ate-mahoroba CWE-78
critical
9.8
2023-01-17 CVE-2023-22280 OS Command Injection vulnerability in Ate-Mahoroba products
MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.
network
low complexity
ate-mahoroba CWE-78
7.2
2023-01-17 CVE-2023-22304 OS Command Injection vulnerability in Pixela Pix-Rt100 Firmware 2.1.1Eq101/2.1.2Eq101
OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS command.
low complexity
pixela CWE-78
8.0
2023-01-13 CVE-2022-42289 OS Command Injection vulnerability in Nvidia DGX A100 Firmware
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering.
network
low complexity
nvidia CWE-78
8.8