Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-09 | CVE-2019-25066 | OS Command Injection vulnerability in Ajenti 2.1.31 A vulnerability has been found in ajenti 2.1.31 and classified as critical. | 8.8 |
| 2022-06-09 | CVE-2022-1986 | OS Command Injection vulnerability in Gogs OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. | 9.8 |
| 2022-06-09 | CVE-2022-29013 | OS Command Injection vulnerability in Razer Sila Firmware 2.0.441Api2.0.418 A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. | 9.8 |
| 2022-06-08 | CVE-2022-1703 | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | 8.8 |
| 2022-06-08 | CVE-2022-24065 | OS Command Injection vulnerability in multiple products The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. | 9.8 |
| 2022-06-07 | CVE-2021-35531 | OS Command Injection vulnerability in Hitachienergy Txpert HUB Coretec 4 Firmware Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. | 6.7 |
| 2022-06-06 | CVE-2022-31479 | OS Command Injection vulnerability in multiple products An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. | 9.8 |
| 2022-06-06 | CVE-2022-31486 | OS Command Injection vulnerability in multiple products An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. | 8.8 |
| 2022-06-03 | CVE-2021-42890 | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | 9.8 |
| 2022-06-03 | CVE-2021-42888 | OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | 9.8 |