Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-10-18 CVE-2022-35844 OS Command Injection vulnerability in Fortinet FortiTester
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.
network
low complexity
fortinet CWE-78
7.2
2022-10-17 CVE-2022-41751 OS Command Injection vulnerability in multiple products
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.
local
low complexity
jhead-project fedoraproject debian CWE-78
7.8
2022-10-17 CVE-2022-2884 OS Command Injection vulnerability in GitLab
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
network
low complexity
gitlab CWE-78
critical
9.9
2022-10-13 CVE-2022-3492 OS Command Injection vulnerability in Oretnom23 Human Resource Management System 1.0
A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0.
network
low complexity
oretnom23 CWE-78
8.8
2022-10-13 CVE-2022-24697 OS Command Injection vulnerability in Apache Kylin
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu.
network
low complexity
apache CWE-78
critical
9.8
2022-10-11 CVE-2022-34427 OS Command Injection vulnerability in Dell Container Storage Modules 1.3.0
Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries.
network
low complexity
dell CWE-78
8.8
2022-10-10 CVE-2021-44171 OS Command Injection vulnerability in Fortinet FortiOS
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows an attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.
low complexity
fortinet CWE-78
8.0
2022-10-07 CVE-2022-37893 OS Command Injection vulnerability in multiple products
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface.
local
low complexity
arubanetworks siemens CWE-78
7.8
2022-10-06 CVE-2022-41525 OS Command Injection vulnerability in TOTOLINK NR1800X Firmware 9.1.0U.6279B20210910
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
9.8
2022-10-06 CVE-2022-41518 OS Command Injection vulnerability in TOTOLINK NR1800X Firmware 9.1.0U.6279B20210910
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
9.8