Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-11-23 CVE-2022-44251 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-23 CVE-2022-44252 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-22 CVE-2022-44201 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
network
low complexity
dlink CWE-78
critical
9.8
2022-11-22 CVE-2022-44808 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B03
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests.
network
low complexity
dlink CWE-78
critical
9.8
2022-11-22 CVE-2022-40954 OS Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files.
local
low complexity
apache CWE-78
5.5
2022-11-17 CVE-2022-45461 OS Command Injection vulnerability in Veritas Netbackup
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.
network
low complexity
veritas CWE-78
8.8
2022-11-15 CVE-2022-20925 OS Command Injection vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints.
network
low complexity
cisco CWE-78
7.2
2022-11-15 CVE-2022-20926 OS Command Injection vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints.
network
low complexity
cisco CWE-78
8.8
2022-11-15 CVE-2022-20934 OS Command Injection vulnerability in Cisco Firepower Threat Defense
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands.
local
low complexity
cisco CWE-78
6.7
2022-11-15 CVE-2022-41395 OS Command Injection vulnerability in Tenda W15E Firmware 15.11.0.10(1576)
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function.
local
low complexity
tenda CWE-78
7.8