Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-12-01 CVE-2022-4221 OS Command Injection vulnerability in Asus Nas-M25 Firmware
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7.
network
low complexity
asus CWE-78
critical
9.8
2022-12-01 CVE-2022-45045 OS Command Injection vulnerability in Xiongmaitech products
Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow authenticated users to execute arbitrary commands as root, as exploited in the wild starting in approximately 2019.
network
low complexity
xiongmaitech CWE-78
8.8
2022-11-30 CVE-2021-4242 OS Command Injection vulnerability in Sapido products
A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical.
network
low complexity
sapido CWE-78
8.8
2022-11-30 CVE-2022-22984 OS Command Injection vulnerability in Snyk products
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342).
network
low complexity
snyk CWE-78
6.3
2022-11-30 CVE-2022-24441 OS Command Injection vulnerability in Snyk Security
The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project.
network
low complexity
snyk CWE-78
8.8
2022-11-28 CVE-2022-45939 OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program.
local
low complexity
gnu debian fedoraproject CWE-78
7.8
2022-11-25 CVE-2022-44843 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-25 CVE-2022-44844 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-23 CVE-2022-44249 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-23 CVE-2022-44250 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.
network
low complexity
totolink CWE-78
critical
9.8