Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-07-19 CVE-2022-27373 OS Command Injection vulnerability in Phicomm Fir303B Firmware
Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function.
network
low complexity
phicomm CWE-78
8.8
2022-07-19 CVE-2022-27483 OS Command Injection vulnerability in Fortinet Fortianalyzer and Fortimanager
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands.
network
low complexity
fortinet CWE-78
7.2
2022-07-18 CVE-2022-33891 OS Command Injection vulnerability in Apache Spark
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable.
network
low complexity
apache CWE-78
8.8
2022-07-17 CVE-2022-26481 OS Command Injection vulnerability in Poly products
An issue was discovered in Poly Studio before 3.7.0.
network
low complexity
poly CWE-78
8.8
2022-07-17 CVE-2022-26482 OS Command Injection vulnerability in Poly Eagleeye Director II Firmware
An issue was discovered in Poly EagleEye Director II before 2.2.2.1.
network
low complexity
poly CWE-78
7.2
2022-07-14 CVE-2022-32212 OS Command Injection vulnerability in multiple products
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
network
high complexity
nodejs debian fedoraproject siemens CWE-78
8.1
2022-07-14 CVE-2022-28373 OS Command Injection vulnerability in Verizon Lvskihp Indoorunit Firmware 3.4.66.162
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua.
network
low complexity
verizon CWE-78
critical
9.8
2022-07-14 CVE-2022-28374 OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal.
network
low complexity
verizon CWE-78
8.8
2022-07-14 CVE-2022-28375 OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener.
network
low complexity
verizon CWE-78
critical
9.8
2022-07-13 CVE-2022-28888 OS Command Injection vulnerability in Spryker Cloud Commerce
Spryker Commerce OS 1.4.2 allows Remote Command Execution.
network
low complexity
spryker CWE-78
critical
9.8