Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-05 | CVE-2022-43538 | OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. | 7.2 |
2023-01-03 | CVE-2022-35845 | OS Command Injection vulnerability in Fortinet Fortitester Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell. | 8.8 |
2023-01-03 | CVE-2022-39947 | OS Command Injection vulnerability in Fortinet Fortiadc A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 8.8 |
2022-12-30 | CVE-2022-46597 | OS Command Injection vulnerability in Trendnet Tew-755Ap Firmware 1.13B01 TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. | 9.8 |
2022-12-30 | CVE-2022-46598 | OS Command Injection vulnerability in Trendnet Tew-755Ap Firmware 1.13B01 TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function. | 9.8 |
2022-12-25 | CVE-2022-40005 | OS Command Injection vulnerability in Intelbras Wifiber 120Ac Inmesh Firmware 1.1220216 Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute. | 8.8 |
2022-12-23 | CVE-2022-45709 | OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33 IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. | 9.8 |
2022-12-23 | CVE-2022-45711 | OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33 IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function. | 9.8 |
2022-12-23 | CVE-2022-45717 | OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33 IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | 9.8 |
2022-12-23 | CVE-2022-44567 | OS Command Injection vulnerability in Rocket.Chat A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). | 9.8 |