Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK

2022-12-23 CVE-2022-45709 OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function.
Risk: network, low complexity, ip-com CWE-78, critical 9.8

2022-12-23 CVE-2022-45711 OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33
IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function.
Risk: network, low complexity, ip-com CWE-78, critical 9.8

2022-12-23 CVE-2022-45717 OS Command Injection vulnerability in Ip-Com M50 Firmware 15.11.0.33
IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
Risk: network, low complexity, ip-com CWE-78, critical 9.8

2022-12-23 CVE-2022-44567 OS Command Injection vulnerability in Rocket.Chat
A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious URL of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17).
Risk: network, low complexity, rocket-chat CWE-78, critical 9.8

2022-12-23 CVE-2021-32692 OS Command Injection vulnerability in Activitywatch
Activity Watch is a free and open-source automated time tracker.
Risk: network, low complexity, activitywatch CWE-78, critical 9.6

2022-12-21 CVE-2022-24431 OS Command Injection vulnerability in Abacus-Ext-Cmdline Project Abacus-Ext-Cmdline
All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization.
Risk: network, low complexity, abacus-ext-cmdline-project CWE-78, critical 9.8

2022-12-20 CVE-2022-40624 OS Command Injection vulnerability in Pfsense Pfblockerng
pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.
Risk: network, low complexity, pfsense CWE-78, critical 9.8

2022-12-20 CVE-2022-46538 OS Command Injection vulnerability in Tenda F1203 Firmware 2.0.1.6
Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac.
Risk: network, low complexity, tenda CWE-78, critical 9.8

2022-12-20 CVE-2022-45942 OS Command Injection vulnerability in Baijiacms Project Baijiacms 4.0/4.1.4/41420170105
A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4.
Risk: network, low complexity, baijiacms-project CWE-78, 8.8

2022-12-20 CVE-2022-25171 OS Command Injection vulnerability in P4 Project P4
The package p4 before 0.0.7 is vulnerable to Command Injection via the run() function due to improper input sanitization.
Risk: network, low complexity, p4-project CWE-78, critical 9.8