Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-02 | CVE-2022-28573 | OS Command Injection vulnerability in Dlink Dir-823 PRO Firmware 1.0.2 D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. | 9.8 |
| 2022-05-02 | CVE-2022-28571 | OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06 D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. | 9.8 |
| 2022-05-02 | CVE-2022-28572 | OS Command Injection vulnerability in Tenda Ax1803 Firmware and Ax1806 Firmware Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function | 8.8 |
| 2022-04-29 | CVE-2022-29937 | OS Command Injection vulnerability in USU Oracle Optimization 20210817 USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. | 8.8 |
| 2022-04-27 | CVE-2021-46422 | OS Command Injection vulnerability in Telesquare Sdt-Cs3B1 Firmware 1.1.0 Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. | 9.8 |
| 2022-04-27 | CVE-2021-46441 | OS Command Injection vulnerability in Dlink Dir-825 Firmware In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | 8.8 |
| 2022-04-22 | CVE-2022-1440 | OS Command Injection vulnerability in Git-Interface Project Git-Interface Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. | 9.8 |
| 2022-04-15 | CVE-2022-20693 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. | 7.2 |
| 2022-04-15 | CVE-2022-20718 | OS Command Injection vulnerability in Cisco IOS XE Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 7.2 |
| 2022-04-15 | CVE-2022-27188 | OS Command Injection vulnerability in Yokogawa B/M9000 VP and Centum VP OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. | 7.8 |