Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK

2022-10-25 CVE-2022-39327 OS Command Injection vulnerability in Microsoft Azure Command-Line Interface
Azure CLI is the command-line interface for Microsoft Azure.
network, low complexity, microsoft, CWE-78, critical, 9.8

2022-10-21 CVE-2022-34437 OS Command Injection vulnerability in Dell EMC Powerscale Onefs
Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command injection vulnerability.
local, low complexity, dell, CWE-78, 6.7

2022-10-19 CVE-2022-43184 OS Command Injection vulnerability in Dlink Dir-878 Firmware 1.30B08
D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command injection vulnerability via the component /bin/proc.cgi.
network, low complexity, dlink, CWE-78, critical, 9.8

2022-10-18 CVE-2022-33872 OS Command Injection vulnerability in Fortinet Fortitester
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell.
network, low complexity, fortinet, CWE-78, critical, 9.8

2022-10-18 CVE-2022-33873 OS Command Injection vulnerability in Fortinet Fortitester
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Console login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to execute arbitrary commands in the underlying shell.
network, low complexity, fortinet, CWE-78, critical, 9.8

2022-10-18 CVE-2022-33874 OS Command Injection vulnerability in Fortinet Fortitester
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated remote attacker to execute arbitrary commands in the underlying shell.
network, low complexity, fortinet, CWE-78, critical, 9.8

2022-10-18 CVE-2022-35844 OS Command Injection vulnerability in Fortinet Fortitester
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to commands of the certificate import feature.
network, low complexity, fortinet, CWE-78, 7.2

2022-10-17 CVE-2022-41751 OS Command Injection vulnerability in multiple products
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option.
local, low complexity, jhead-project fedoraproject debian, CWE-78, 7.8

2022-10-17 CVE-2022-2884 OS Command Injection vulnerability in Gitlab
A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
network, low complexity, gitlab, CWE-78, critical, 9.9

2022-10-13 CVE-2022-3492 OS Command Injection vulnerability in Oretnom23 Human Resource Management System 1.0
A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0.
network, low complexity, oretnom23, CWE-78, 8.8