Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-20 | CVE-2022-20964 | OS Command Injection vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interface. | 8.8 |
2023-01-20 | CVE-2023-20007 | OS Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2023-01-19 | CVE-2022-46476 | OS Command Injection vulnerability in Dlink Dir-859 A1 Firmware 1.05 D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. | 9.8 |
2023-01-18 | CVE-2023-0164 | OS Command Injection vulnerability in Orangescrum 2.0.11 OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. | 8.8 |
2023-01-17 | CVE-2022-2251 | OS Command Injection vulnerability in Gitlab Runner Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user. | 8.0 |
2023-01-17 | CVE-2022-47853 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. | 9.8 |
2023-01-17 | CVE-2023-22279 | OS Command Injection vulnerability in Ate-Mahoroba products MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS command. | 9.8 |
2023-01-17 | CVE-2023-22280 | OS Command Injection vulnerability in Ate-Mahoroba products MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 7.2 |
2023-01-17 | CVE-2023-22304 | OS Command Injection vulnerability in Pixela Pix-Rt100 Firmware 2.1.1Eq101/2.1.2Eq101 OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS command. | 8.0 |
2023-01-13 | CVE-2022-42289 | OS Command Injection vulnerability in Nvidia DGX A100 Firmware NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | 8.8 |