Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-02-07 | CVE-2023-22643 | OS Command Injection vulnerability in Opensuse Libzypp-Plugin-Appdata | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. | local | low complexity | opensuse | CWE-78 | 7.8 |
| 2023-02-07 | CVE-2022-38547 | OS Command Injection vulnerability in Zyxel products | A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands. | network | low complexity | zyxel | CWE-78 | 7.2 |
| 2023-02-02 | CVE-2022-46552 | OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A53Dbr | D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. | network | low complexity | dlink | CWE-78 | 8.8 |
| 2023-02-01 | CVE-2023-23076 | OS Command Injection vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 | OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | network | low complexity | zohocorp | CWE-78 | 9.8 (critical) |
| 2023-02-01 | CVE-2023-23692 | OS Command Injection vulnerability in Dell EMC Data Domain OS | Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. | network | low complexity | dell | CWE-78 | 8.8 |
| 2023-02-01 | CVE-2022-25906 | OS Command Injection vulnerability in Is-Http2 Project Is-Http2 | All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function. | local | low complexity | is-http2-project | CWE-78 | 7.8 |
| 2023-01-30 | CVE-2022-42484 | OS Command Injection vulnerability in multiple products | An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. | network | low complexity | freshtomato, siretta | CWE-78 | 9.8 (critical) |
| 2023-01-27 | CVE-2022-48107 | OS Command Injection vulnerability in Dlink DIR 878 Firmware 1.30B08 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. | network | low complexity | dlink | CWE-78 | 9.8 (critical) |
| 2023-01-27 | CVE-2022-48108 | OS Command Injection vulnerability in Dlink DIR 878 Firmware 1.30B08 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. | network | low complexity | dlink | CWE-78 | 9.8 (critical) |
| 2023-01-27 | CVE-2022-48069 | OS Command Injection vulnerability in Totolink A830R Firmware 4.1.2Cu.5182 | Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter. | network | low complexity | totolink | CWE-78 | 7.5 |