Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-05-03 CVE-2021-42165 OS Command Injection vulnerability in Mitrastar Gpt-2541Gnac-N1 Firmware Brg3.5100Vnz0B33
MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path".
network
low complexity
mitrastar CWE-78
8.8
2022-05-02 CVE-2022-28573 OS Command Injection vulnerability in Dlink Dir-823 PRO Firmware 1.0.2
D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting.
network
low complexity
dlink CWE-78
critical
9.8
2022-05-02 CVE-2022-28571 OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06
D-Link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in `/usr/bin/cli`.
network
low complexity
dlink CWE-78
critical
9.8
2022-05-02 CVE-2022-28572 OS Command Injection vulnerability in Tenda Ax1803 Firmware and Ax1806 Firmware
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in the `SetIPv6Status` function.
network
low complexity
tenda CWE-78
8.8
2022-04-29 CVE-2022-29937 OS Command Injection vulnerability in USU Oracle Optimization 20210817
USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked.
network
low complexity
usu CWE-78
8.8
2022-04-27 CVE-2021-46422 OS Command Injection vulnerability in Telesquare Sdt-Cs3B1 Firmware 1.1.0
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
network
low complexity
telesquare CWE-78
critical
9.8
2022-04-27 CVE-2021-46441 OS Command Injection vulnerability in Dlink Dir-825 Firmware
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization.
network
low complexity
dlink CWE-78
8.8
2022-04-22 CVE-2022-1440 OS Command Injection vulnerability in Git-Interface Project Git-Interface
Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2.
network
low complexity
git-interface-project CWE-78
critical
9.8
2022-04-15 CVE-2022-20693 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.
network
low complexity
cisco CWE-78
7.2
2022-04-15 CVE-2022-20718 OS Command Injection vulnerability in Cisco IOS XE
Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-78
7.2