Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-15 | CVE-2022-27188 | OS Command Injection vulnerability in Yokogawa B/M9000 VP and Centum VP OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. | 7.8 |
| 2022-04-12 | CVE-2022-29080 | OS Command Injection vulnerability in Npm-Dependency-Versions Project Npm-Dependency-Versions The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value. | 9.8 |
| 2022-04-11 | CVE-2022-0999 | OS Command Injection vulnerability in Myscada Mypro An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | 8.8 |
| 2022-04-11 | CVE-2022-1262 | OS Command Injection vulnerability in Dlink products A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. | 7.8 |
| 2022-04-11 | CVE-2022-26413 | OS Command Injection vulnerability in Zyxel products A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. | 8.0 |
| 2022-04-10 | CVE-2022-27268 | OS Command Injection vulnerability in Inhandnetworks Inrouter 900 Firmware InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. | 9.8 |
| 2022-04-10 | CVE-2022-27269 | OS Command Injection vulnerability in Inhandnetworks Inrouter 900 Firmware InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. | 9.8 |
| 2022-04-10 | CVE-2022-27270 | OS Command Injection vulnerability in Inhandnetworks Inrouter 900 Firmware InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. | 9.8 |
| 2022-04-10 | CVE-2022-27271 | OS Command Injection vulnerability in Inhandnetworks Inrouter 900 Firmware InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. | 9.8 |
| 2022-04-10 | CVE-2022-27272 | OS Command Injection vulnerability in Inhandnetworks Inrouter 900 Firmware InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. | 9.8 |