Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-05 | CVE-2022-34769 | OS Command Injection vulnerability in Rashim Michlol Michlol - rashim web interface Insecure direct object references (IDOR). The attacker first needs to log in. After logging in to the system, there are some functions that the specific user is not allowed to perform. However, all the attacker needs to do to achieve his goals is change the value of the ptMsl parameter, after which the attacker can access sensitive data that he is not supposed to access because it belongs to another user. | 5.5 |
2022-08-03 | CVE-2022-27616 | OS Command Injection vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 7.2 |
2022-08-02 | CVE-2020-28424 | OS Command Injection vulnerability in S3-Kilatstorage Project S3-Kilatstorage This affects all versions of package s3-kilatstorage. | 9.8 |
2022-08-01 | CVE-2022-33955 | OS Command Injection vulnerability in IBM Cics TX 11.1 IBM CICS TX 11.1 could allow an attacker with physical access to the system to execute code by using a back and refresh attack. | 6.8 |
2022-07-29 | CVE-2022-34527 | OS Command Injection vulnerability in Dlink Dsl-3782 Firmware 1.01/1.03 D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. | 8.8 |
2022-07-28 | CVE-2022-22684 | OS Command Injection vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in task management component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 8.8 |
2022-07-27 | CVE-2022-23100 | OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). | 9.8 |
2022-07-27 | CVE-2022-24405 | OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. | 9.8 |
2022-07-22 | CVE-2022-20910 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20885 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |