Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-23 | CVE-2022-44567 | OS Command Injection vulnerability in Rocket.Chat. A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious URL of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). | 9.8 |
2022-12-23 | CVE-2021-32692 | OS Command Injection vulnerability in Activitywatch. Activity Watch is a free and open-source automated time tracker. | 9.6 |
2022-12-21 | CVE-2022-24431 | OS Command Injection vulnerability in Abacus-Ext-Cmdline Project Abacus-Ext-Cmdline. All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization. | 9.8 |
2022-12-20 | CVE-2022-40624 | OS Command Injection vulnerability in Pfsense Pfblockerng. pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814. | 9.8 |
2022-12-20 | CVE-2022-46538 | OS Command Injection vulnerability in Tenda F1203 Firmware 2.0.1.6. Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac. | 9.8 |
2022-12-20 | CVE-2022-45942 | OS Command Injection vulnerability in Baijiacms Project Baijiacms 4.0/4.1.4/41420170105. A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. | 8.8 |
2022-12-20 | CVE-2022-25171 | OS Command Injection vulnerability in P4 Project P4. The package p4 before 0.0.7 is vulnerable to Command Injection via the run() function due to improper input sanitization. | 9.8 |
2022-12-19 | CVE-2022-43443 | OS Command Injection vulnerability in Buffalo products. OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. | 8.8 |
2022-12-19 | CVE-2022-43466 | OS Command Injection vulnerability in Buffalo products. OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. | 6.8 |
2022-12-19 | CVE-2022-44456 | OS Command Injection vulnerability in Contec Conprosys HMI System 3.3.0/3.4.3/3.4.4. CONPROSYS HMI System (CHS) Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request. | 9.8 |