Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-17 | CVE-2023-22279 | OS Command Injection vulnerability in Ate-Mahoroba products MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote unauthenticated attacker to execute an arbitrary OS command. | 9.8 |
| 2023-01-17 | CVE-2023-22280 | OS Command Injection vulnerability in Ate-Mahoroba products MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 7.2 |
| 2023-01-17 | CVE-2023-22304 | OS Command Injection vulnerability in Pixela Pix-Rt100 Firmware 2.1.1Eq101/2.1.2Eq101 OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS command. | 8.0 |
| 2023-01-13 | CVE-2022-42289 | OS Command Injection vulnerability in Nvidia DGX A100 Firmware NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | 8.8 |
| 2023-01-13 | CVE-2022-42290 | OS Command Injection vulnerability in Nvidia DGX A100 Firmware NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | 8.8 |
| 2023-01-13 | CVE-2022-42279 | OS Command Injection vulnerability in Nvidia DGX A100 Firmware NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | 8.8 |
| 2023-01-11 | CVE-2022-43390 | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request. | 8.8 |
| 2023-01-11 | CVE-2022-48252 | OS Command Injection vulnerability in Pi.Alert Project Pi.Alert 1.0 The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection. | 9.8 |
| 2023-01-09 | CVE-2022-43971 | OS Command Injection vulnerability in Linksys Wumc710 Firmware 1.0.00/1.0.01/1.0.02 An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). | 7.2 |
| 2023-01-09 | CVE-2022-43973 | OS Command Injection vulnerability in Linksys Wrt54Gl Firmware 4.30.18.006 An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. | 7.2 |