Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-25 | CVE-2022-44844 | OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function. | 9.8 |
| 2022-11-23 | CVE-2022-44249 | OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function. | 9.8 |
| 2022-11-23 | CVE-2022-44250 | OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function. | 9.8 |
| 2022-11-23 | CVE-2022-44251 | OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function. | 9.8 |
| 2022-11-23 | CVE-2022-44252 | OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309 TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function. | 9.8 |
| 2022-11-22 | CVE-2022-44201 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05 D-Link DIR823G 1.02B05 is vulnerable to Commad Injection. | 9.8 |
| 2022-11-22 | CVE-2022-44808 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B03 A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. | 9.8 |
| 2022-11-22 | CVE-2022-40954 | OS Command Injection vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. | 5.5 |
| 2022-11-17 | CVE-2022-45461 | OS Command Injection vulnerability in Veritas Netbackup The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. | 8.8 |
| 2022-11-15 | CVE-2022-20925 | OS Command Injection vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints. | 7.2 |