Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-14 | CVE-2022-28374 | OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0 Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. | 8.8 |
| 2022-07-14 | CVE-2022-28375 | OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0 Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. | 9.8 |
| 2022-07-13 | CVE-2022-28888 | OS Command Injection vulnerability in Spryker Cloud Commerce Spryker Commerce OS 1.4.2 allows Remote Command Execution. | 9.8 |
| 2022-07-12 | CVE-2022-22997 | OS Command Injection vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices. | 9.8 |
| 2022-07-12 | CVE-2021-36667 | OS Command Injection vulnerability in Druva Insync Client Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library. | 7.8 |
| 2022-07-07 | CVE-2022-32054 | OS Command Injection vulnerability in Tenda Ac10 Firmware 15.03.06.26 Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter. | 9.8 |
| 2022-07-07 | CVE-2022-25048 | OS Command Injection vulnerability in Control-Webpanel Webpanel 0.9.8.1126 Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user. | 8.8 |
| 2022-07-06 | CVE-2022-34595 | OS Command Injection vulnerability in Tenda Ax1803 Firmware 1.0.0.12890 Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status. | 9.8 |
| 2022-07-06 | CVE-2022-34596 | OS Command Injection vulnerability in Tenda Ax1803 Firmware 1.0.0.12890 Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | 9.8 |
| 2022-07-06 | CVE-2022-34597 | OS Command Injection vulnerability in Tenda Ax1806 Firmware 1.0.0.1 Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting. | 9.8 |