Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-01-26 | CVE-2023-24422 | OS Command Injection vulnerability in Jenkins Script Security | A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | local, low complexity, jenkins, CWE-78, 8.8 |
| 2023-01-26 | CVE-2022-29843 | OS Command Injection vulnerability in Westerndigital products | A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user. | network, low complexity, westerndigital, CWE-78, critical, 9.8 |
| 2023-01-26 | CVE-2022-40719 | OS Command Injection vulnerability in Dlink Dir-2150 Firmware | This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. | low complexity, dlink, CWE-78, 8.8 |
| 2023-01-26 | CVE-2022-40720 | OS Command Injection vulnerability in Dlink Dir-2150 Firmware | This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. | low complexity, dlink, CWE-78, 8.8 |
| 2023-01-24 | CVE-2022-45639 | OS Command Injection vulnerability in Sleuthkit the Sleuth KIT 4.11.1 | OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. | local, low complexity, sleuthkit, CWE-78, 7.8 |
| 2023-01-23 | CVE-2022-37718 | OS Command Injection vulnerability in Edgenexus Application Delivery Controller 4.2.8 | The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. | network, low complexity, edgenexus, CWE-78, 8.8 |
| 2023-01-20 | CVE-2022-48121 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. | network, low complexity, totolink, CWE-78, critical, 9.8 |
| 2023-01-20 | CVE-2022-48122 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. | network, low complexity, totolink, CWE-78, critical, 9.8 |
| 2023-01-20 | CVE-2022-48123 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function. | network, low complexity, totolink, CWE-78, critical, 9.8 |
| 2023-01-20 | CVE-2022-48124 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function. | network, low complexity, totolink, CWE-78, critical, 9.8 |