Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-19 | CVE-2022-27373 | OS Command Injection vulnerability in Phicomm Fir303B Firmware Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function. | 8.8 |
| 2022-07-19 | CVE-2022-27483 | OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands. | 7.2 |
| 2022-07-18 | CVE-2022-33891 | OS Command Injection vulnerability in Apache Spark The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. | 8.8 |
| 2022-07-17 | CVE-2022-26481 | OS Command Injection vulnerability in Poly products An issue was discovered in Poly Studio before 3.7.0. | 8.8 |
| 2022-07-17 | CVE-2022-26482 | OS Command Injection vulnerability in Poly Eagleeye Director II Firmware An issue was discovered in Poly EagleEye Director II before 2.2.2.1. | 7.2 |
| 2022-07-14 | CVE-2022-32212 | OS Command Injection vulnerability in multiple products A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. | 8.1 |
| 2022-07-14 | CVE-2022-28373 | OS Command Injection vulnerability in Verizon Lvskihp Indoorunit Firmware 3.4.66.162 Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. | 9.8 |
| 2022-07-14 | CVE-2022-28374 | OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0 Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. | 8.8 |
| 2022-07-14 | CVE-2022-28375 | OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0 Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. | 9.8 |
| 2022-07-13 | CVE-2022-28888 | OS Command Injection vulnerability in Spryker Cloud Commerce Spryker Commerce OS 1.4.2 allows Remote Command Execution. | 9.8 |