Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-30 | CVE-2022-20855 | OS Command Injection vulnerability in Cisco IOS XE 17.6.1 A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. | 6.7 |
| 2022-09-30 | CVE-2022-20930 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. | 6.7 |
| 2022-09-29 | CVE-2022-40475 | OS Command Injection vulnerability in Totolink A860R Firmware 4.1.2Cu.5182B20201027 TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi. | 9.8 |
| 2022-09-28 | CVE-2022-40929 | OS Command Injection vulnerability in Xuxueli Xxl-Job 2.2.0 XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. | 9.8 |
| 2022-09-21 | CVE-2022-39224 | OS Command Injection vulnerability in Ruby-Arr-Pm Project Ruby-Arr-Pm Arr-pm is an RPM reader/writer library written in Ruby. | 7.8 |
| 2022-09-20 | CVE-2022-37878 | OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. | 7.2 |
| 2022-09-16 | CVE-2022-38826 | OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518 In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. | 9.8 |
| 2022-09-16 | CVE-2022-38828 | OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518 TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi | 9.8 |
| 2022-09-15 | CVE-2022-38534 | OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374 TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function. | 7.2 |
| 2022-09-15 | CVE-2022-38535 | OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374 TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function. | 7.2 |