Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-07 | CVE-2021-35531 | OS Command Injection vulnerability in Hitachienergy Txpert HUB Coretec 4 Firmware Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. | 6.7 |
2022-06-06 | CVE-2022-31479 | OS Command Injection vulnerability in multiple products An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. | 9.8 |
2022-06-06 | CVE-2022-31486 | OS Command Injection vulnerability in multiple products An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. | 8.8 |
2022-06-03 | CVE-2021-42890 | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | 9.8 |
2022-06-03 | CVE-2021-42888 | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | 9.8 |
2022-06-03 | CVE-2021-42884 | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. | 9.8 |
2022-06-03 | CVE-2021-42885 | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. | 9.8 |
2022-06-02 | CVE-2022-26868 | OS Command Injection vulnerability in Dell Powerstoreos Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. | 7.8 |
2022-06-02 | CVE-2021-42875 | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. | 9.8 |
2022-06-02 | CVE-2021-34078 | OS Command Injection vulnerability in ADP Lifion-Verifiy-Dependencies lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file. | 8.8 |