Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2022-44251 | OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | 9.8 |
| 2022-11-23 | CVE-2022-44252 | OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. | 9.8 |
| 2022-11-22 | CVE-2022-44201 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05 D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. | 9.8 |
| 2022-11-22 | CVE-2022-44808 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B03 A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. | 9.8 |
| 2022-11-22 | CVE-2022-40954 | OS Command Injection vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. | 5.5 |
| 2022-11-17 | CVE-2022-45461 | OS Command Injection vulnerability in Veritas Netbackup The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. | 8.8 |
| 2022-11-15 | CVE-2022-20925 | OS Command Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. | 7.2 |
| 2022-11-15 | CVE-2022-20926 | OS Command Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. | 8.8 |
| 2022-11-15 | CVE-2022-20934 | OS Command Injection vulnerability in Cisco Firepower Threat Defense A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to improper input validation for specific CLI commands. | 6.7 |
| 2022-11-15 | CVE-2022-41395 | OS Command Injection vulnerability in Tenda W15E Firmware 15.11.0.10(1576) Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the dmzHost parameter in the setDMZ function. | 7.8 |