Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-01-05 CVE-2022-43538 OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host.
network
low complexity
arubanetworks CWE-78
7.2
2023-01-03 CVE-2022-35845 OS Command Injection vulnerability in Fortinet Fortitester
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiTester 7.1.0, 7.0 all versions, 4.0.0 through 4.2.0, 2.3.0 through 3.9.1 may allow an authenticated attacker to execute arbitrary commands in the underlying shell.
network
low complexity
fortinet CWE-78
8.8
2023-01-03 CVE-2022-39947 OS Command Injection vulnerability in Fortinet Fortiadc
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-78
8.8
2022-12-30 CVE-2022-46597 OS Command Injection vulnerability in Trendnet Tew-755Ap Firmware 1.13B01
TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function.
network
low complexity
trendnet CWE-78
critical
9.8
2022-12-30 CVE-2022-46598 OS Command Injection vulnerability in Trendnet Tew-755Ap Firmware 1.13B01
TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function.
network
low complexity
trendnet CWE-78
critical
9.8
2022-12-25 CVE-2022-40005 OS Command Injection vulnerability in Intelbras Wifiber 120Ac Inmesh Firmware 1.1220216
Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.
network
low complexity
intelbras CWE-78
8.8
2022-12-23 CVE-2022-45709 OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function.
network
low complexity
ip-com CWE-78
critical
9.8
2022-12-23 CVE-2022-45711 OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33
IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function.
network
low complexity
ip-com CWE-78
critical
9.8
2022-12-23 CVE-2022-45717 OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33
IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
network
low complexity
ip-com CWE-78
critical
9.8
2022-12-23 CVE-2022-44567 OS Command Injection vulnerability in Rocket.Chat
A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17).
network
low complexity
rocket-chat CWE-78
critical
9.8