Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-12-23 CVE-2022-44567 OS Command Injection vulnerability in Rocket.Chat
A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious URL of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17).
network
low complexity
rocket-chat CWE-78
critical
9.8
2022-12-23 CVE-2021-32692 OS Command Injection vulnerability in Activitywatch
Activity Watch is a free and open-source automated time tracker.
network
low complexity
activitywatch CWE-78
critical
9.6
2022-12-21 CVE-2022-24431 OS Command Injection vulnerability in Abacus-Ext-Cmdline Project Abacus-Ext-Cmdline
All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization.
network
low complexity
abacus-ext-cmdline-project CWE-78
critical
9.8
2022-12-20 CVE-2022-40624 OS Command Injection vulnerability in Pfsense Pfblockerng
pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.
network
low complexity
pfsense CWE-78
critical
9.8
2022-12-20 CVE-2022-46538 OS Command Injection vulnerability in Tenda F1203 Firmware 2.0.1.6
Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac.
network
low complexity
tenda CWE-78
critical
9.8
2022-12-20 CVE-2022-45942 OS Command Injection vulnerability in Baijiacms Project Baijiacms 4.0/4.1.4/41420170105
A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4.
network
low complexity
baijiacms-project CWE-78
8.8
2022-12-20 CVE-2022-25171 OS Command Injection vulnerability in P4 Project P4
Versions of the package p4 before 0.0.7 are vulnerable to Command Injection via the run() function due to improper input sanitization.
network
low complexity
p4-project CWE-78
critical
9.8
2022-12-19 CVE-2022-43443 OS Command Injection vulnerability in Buffalo products
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.
low complexity
buffalo CWE-78
8.8
2022-12-19 CVE-2022-43466 OS Command Injection vulnerability in Buffalo products
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
low complexity
buffalo CWE-78
6.8
2022-12-19 CVE-2022-44456 OS Command Injection vulnerability in Contec Conprosys HMI System 3.3.0/3.4.3/3.4.4
CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request.
network
low complexity
contec CWE-78
critical
9.8