Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-11-25 CVE-2022-44844 OS Command Injection vulnerability in Totolink A7100Ru Firmware 7.4Cu.2313B20191024
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pass parameter in the setting/setOpenVpnCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-23 CVE-2022-44249 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the UploadFirmwareFile function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-23 CVE-2022-44250 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the hostName parameter in the setOpModeCfg function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-23 CVE-2022-44251 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the ussd parameter in the setUssd function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-23 CVE-2022-44252 OS Command Injection vulnerability in Totolink Lr350 Firmware 9.3.5U.6369B20220309
TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection via the FileName parameter in the setUploadSetting function.
network
low complexity
totolink CWE-78
critical
9.8
2022-11-22 CVE-2022-44201 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
network
low complexity
dlink CWE-78
critical
9.8
2022-11-22 CVE-2022-44808 OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B03
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests.
network
low complexity
dlink CWE-78
critical
9.8
2022-11-22 CVE-2022-40954 OS Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files.
local
low complexity
apache CWE-78
5.5
2022-11-17 CVE-2022-45461 OS Command Injection vulnerability in Veritas Netbackup
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.
network
low complexity
veritas CWE-78
8.8
2022-11-15 CVE-2022-20925 OS Command Injection vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for certain API endpoints.
network
low complexity
cisco CWE-78
7.2