Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-06-16 CVE-2022-30023 OS Command Injection vulnerability in Tenda HG9 Firmware 1.0.1
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.
network
low complexity
tenda CWE-78
8.8
2022-06-15 CVE-2022-33140 OS Command Injection vulnerability in Apache Nifi and Nifi Registry
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms.
network
low complexity
apache CWE-78
8.8
2022-06-14 CVE-2022-31311 OS Command Injection vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.
network
low complexity
wavlink CWE-78
critical
9.8
2022-06-14 CVE-2022-31446 OS Command Injection vulnerability in Tendacn Ac18 Firmware 15.03.05.05/15.03.05.19
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
network
low complexity
tendacn CWE-78
critical
9.8
2022-06-11 CVE-2021-41738 OS Command Injection vulnerability in Zeroshell 3.9.5
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.
network
low complexity
zeroshell CWE-78
8.8
2022-06-09 CVE-2019-25065 OS Command Injection vulnerability in Opennetadmin 18.1.1
A vulnerability was found in OpenNetAdmin 18.1.1.
network
low complexity
opennetadmin CWE-78
critical
9.8
2022-06-09 CVE-2019-25066 OS Command Injection vulnerability in Ajenti 2.1.31
A vulnerability has been found in ajenti 2.1.31 and classified as critical.
network
low complexity
ajenti CWE-78
8.8
2022-06-09 CVE-2022-1986 OS Command Injection vulnerability in Gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
network
low complexity
gogs CWE-78
critical
9.8
2022-06-09 CVE-2022-29013 OS Command Injection vulnerability in Razer Sila Firmware 2.0.441Api2.0.418
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
network
low complexity
razer CWE-78
critical
9.8
2022-06-08 CVE-2022-1703 OS Command Injection vulnerability in Sonicwall products
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.
network
low complexity
sonicwall CWE-78
8.8