Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-12-10 CVE-2022-45145 OS Command Injection vulnerability in Call-Cc Chicken
egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file.
network
low complexity
call-cc CWE-78
critical
9.8
2022-12-08 CVE-2022-33186 OS Command Injection vulnerability in Brocade Fabric Operating System
A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute commands on a Brocade Fabric OS switch that are capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP address.
network
low complexity
brocade CWE-78
critical
9.8
2022-12-08 CVE-2022-45497 OS Command Injection vulnerability in Tenda W6-S Firmware 1.0.0.4(510)
Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.
network
low complexity
tenda CWE-78
critical
9.8
2022-12-08 CVE-2022-45506 OS Command Injection vulnerability in Tenda W30E Firmware 1.0.1.25(633)
Tenda W30E v1.0.1.25(633) was discovered to contain a command injection vulnerability via the fileNameMit parameter at /goform/delFileName.
network
low complexity
tenda CWE-78
critical
9.8
2022-12-08 CVE-2022-4364 OS Command Injection vulnerability in Flir AX8 Firmware
A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16.
network
low complexity
flir CWE-78
critical
9.8
2022-12-07 CVE-2022-44606 OS Command Injection vulnerability in Unimo products
OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
network
low complexity
unimo CWE-78
8.8
2022-12-07 CVE-2022-45025 OS Command Injection vulnerability in Markdown Preview Enhanced Project Markdown Preview Enhanced 0.19.6/0.6.5
Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function.
network
low complexity
markdown-preview-enhanced-project CWE-78
critical
9.8
2022-12-07 CVE-2022-45026 OS Command Injection vulnerability in Markdown Preview Enhanced Project Markdown Preview Enhanced 0.19.6/0.6.5
An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process.
network
low complexity
markdown-preview-enhanced-project CWE-78
critical
9.8
2022-12-07 CVE-2022-45915 OS Command Injection vulnerability in Ilias
ILIAS before 7.16 allows OS Command Injection.
network
low complexity
ilias CWE-78
8.8
2022-12-06 CVE-2022-43867 OS Command Injection vulnerability in IBM Spectrum Scale Container Native Storage Access 5.1.0.1/5.1.2.1/5.1.4.1
IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacker to execute arbitrary commands in the container.
local
low complexity
ibm CWE-78
7.8