Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-07 | CVE-2022-37893 | OS Command Injection vulnerability in multiple products An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. | 7.8 |
| 2022-10-06 | CVE-2022-41525 | OS Command Injection vulnerability in Totolink Nr1800X Firmware 9.1.0U.6279B20210910 TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi. | 9.8 |
| 2022-10-06 | CVE-2022-41518 | OS Command Injection vulnerability in Totolink Nr1800X Firmware 9.1.0U.6279B20210910 TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi. | 9.8 |
| 2022-10-03 | CVE-2022-40764 | OS Command Injection vulnerability in Snyk CLI and Golang CLI Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. | 7.8 |
| 2022-09-30 | CVE-2022-20851 | OS Command Injection vulnerability in Cisco IOS XE 17.6.1 A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. | 7.2 |
| 2022-09-30 | CVE-2022-20855 | OS Command Injection vulnerability in Cisco IOS XE 17.6.1 A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. | 6.7 |
| 2022-09-30 | CVE-2022-20930 | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. | 6.7 |
| 2022-09-29 | CVE-2022-40475 | OS Command Injection vulnerability in Totolink A860R Firmware 4.1.2Cu.5182B20201027 TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi. | 9.8 |
| 2022-09-28 | CVE-2022-40929 | OS Command Injection vulnerability in Xuxueli Xxl-Job 2.2.0 XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. | 9.8 |
| 2022-09-21 | CVE-2022-39224 | OS Command Injection vulnerability in Ruby-Arr-Pm Project Ruby-Arr-Pm Arr-pm is an RPM reader/writer library written in Ruby. | 7.8 |