Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-10-13 CVE-2022-24697 OS Command Injection vulnerability in Apache Kylin
Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu.
network
low complexity
apache CWE-78
critical
9.8
2022-10-11 CVE-2022-34427 OS Command Injection vulnerability in Dell Container Storage Modules 1.3.0
Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries.
network
low complexity
dell CWE-78
8.8
2022-10-10 CVE-2021-44171 OS Command Injection vulnerability in Fortinet Fortios
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows an attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.
low complexity
fortinet CWE-78
8.0
2022-10-07 CVE-2022-37893 OS Command Injection vulnerability in multiple products
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface.
local
low complexity
arubanetworks siemens CWE-78
7.8
2022-10-06 CVE-2022-41525 OS Command Injection vulnerability in Totolink Nr1800X Firmware 9.1.0U.6279B20210910
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the OpModeCfg function at /cgi-bin/cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
9.8
2022-10-06 CVE-2022-41518 OS Command Injection vulnerability in Totolink Nr1800X Firmware 9.1.0U.6279B20210910
TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a command injection vulnerability via the UploadFirmwareFile function at /cgi-bin/cstecgi.cgi.
network
low complexity
totolink CWE-78
critical
9.8
2022-10-03 CVE-2022-40764 OS Command Injection vulnerability in Snyk CLI and Golang CLI
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package.
local
low complexity
snyk CWE-78
7.8
2022-09-30 CVE-2022-20851 OS Command Injection vulnerability in Cisco IOS XE 17.6.1
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.
network
low complexity
cisco CWE-78
7.2
2022-09-30 CVE-2022-20855 OS Command Injection vulnerability in Cisco IOS XE 17.6.1
A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point.
local
low complexity
cisco CWE-78
6.7
2022-09-30 CVE-2022-20930 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system.
local
low complexity
cisco CWE-78
6.7