Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-09-30 CVE-2022-20930 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system.
local
low complexity
cisco CWE-78
6.7
2022-09-29 CVE-2022-40475 OS Command Injection vulnerability in Totolink A860R Firmware 4.1.2Cu.5182B20201027
TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.
network
low complexity
totolink CWE-78
critical
9.8
2022-09-28 CVE-2022-40929 OS Command Injection vulnerability in Xuxueli Xxl-Job 2.2.0
XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks.
network
low complexity
xuxueli CWE-78
critical
9.8
2022-09-21 CVE-2022-39224 OS Command Injection vulnerability in Ruby-Arr-Pm Project Ruby-Arr-Pm
Arr-pm is an RPM reader/writer library written in Ruby.
local
low complexity
ruby-arr-pm-project CWE-78
7.8
2022-09-20 CVE-2022-37878 OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host.
network
low complexity
arubanetworks CWE-78
7.2
2022-09-16 CVE-2022-38826 OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
9.8
2022-09-16 CVE-2022-38828 OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518
TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi
network
low complexity
totolink CWE-78
critical
9.8
2022-09-15 CVE-2022-38534 OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.
network
low complexity
totolink CWE-78
7.2
2022-09-15 CVE-2022-38535 OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374
TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.
network
low complexity
totolink CWE-78
7.2
2022-09-14 CVE-2022-38308 OS Command Injection vulnerability in Totolink A7000Ru Firmware 7.4Cu.2313B20191024
TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem.
network
low complexity
totolink CWE-78
critical
9.8