Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-20 | CVE-2022-48125 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024: TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function. | 9.8 |
2023-01-20 | CVE-2022-48126 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024: TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function. | 9.8 |
2023-01-20 | CVE-2023-23596 | OS Command Injection vulnerability in Jc21 Nginx Proxy Manager: jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. | 8.8 |
2023-01-20 | CVE-2022-20964 | OS Command Injection vulnerability in Cisco Identity Services Engine: A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interface. | 8.8 |
2023-01-20 | CVE-2023-20007 | OS Command Injection vulnerability in Cisco products: A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2023-01-19 | CVE-2022-46476 | OS Command Injection vulnerability in Dlink Dir-859 A1 Firmware 1.05: D-Link DIR-859 A1 1.05 was discovered to contain a command injection vulnerability via the service= variable in the soapcgi_main function. | 9.8 |
2023-01-18 | CVE-2023-0164 | OS Command Injection vulnerability in Orangescrum 2.0.11: OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. | 8.8 |
2023-01-18 | CVE-2022-43483 | OS Command Injection vulnerability in Sewio Real-Time Location System Studio: Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the monitor services of the software. | 7.2 |
2023-01-18 | CVE-2022-47911 | OS Command Injection vulnerability in Sewio Real-Time Location System Studio: Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. | 7.2 |
2023-01-17 | CVE-2022-2251 | OS Command Injection vulnerability in Gitlab Runner: Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially crafted name and gets another user to trigger a pipeline to execute commands in the runner as that other user. | 8.0 |