Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-20718 1Cisco 1Ios Xe Nov 21, 2024 Apr 15, 2022 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code...Show more Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2022-20693 1Cisco 1Ios Xe Nov 21, 2024 Apr 15, 2022 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input vali...Show more A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.Show less
CVE-2022-27188 1Yokogawa 2B/m9000 Vp Centum Vp Nov 21, 2024 Apr 15, 2022 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker wh...Show more OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder.Show less
CVE-2021-22795 1Schneider Electric 1Struxureware Data Center Expert Nov 21, 2024 Apr 13, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureW...Show more A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when performed over the network. Affected Product: StruxureWare Data Center Expert (V7.8.1 and prior)Show less
CVE-2022-29080 1Npm Dependency Versions Project 1Npm Dependency Versions Nov 21, 2024 Apr 12, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a...Show more The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.Show less
CVE-2022-1262 1Dlink 10Dir 1360 Firmware Dir 1760 FirmwareDir 1960 Firmware+7 more Nov 21, 2024 Apr 11, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.
CVE-2022-0999 1Myscada 1Mypro Nov 21, 2024 Apr 11, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.
CVE-2022-26413 1Zyxel 32Ax7501 B0 Firmware Dx5401 B0 FirmwareEmg3525 T50b Firmware+29 more Nov 21, 2024 Apr 11, 2022 N/A· v4 8.0 HIGH· v3 7.7 HIGH· v2 A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN inte...Show more A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.Show less
CVE-2022-27276 1Inhandnetworks 1Inrouter 900 Firmware Nov 21, 2024 Apr 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packe...Show more InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packet.Show less
CVE-2022-27275 1Inhandnetworks 1Inrouter 900 Firmware Nov 21, 2024 Apr 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packe...Show more InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet.Show less
CVE-2022-27274 1Inhandnetworks 1Inrouter 900 Firmware Nov 21, 2024 Apr 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packe...Show more InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packet.Show less
CVE-2022-27273 1Inhandnetworks 1Inrouter 900 Firmware Nov 21, 2024 Apr 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packe...Show more InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet.Show less
CVE-2022-27272 1Inhandnetworks 1Inrouter 900 Firmware Nov 21, 2024 Apr 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packe...Show more InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packet.Show less
CVE-2022-27271 1Inhandnetworks 1Inrouter 900 Firmware Nov 21, 2024 Apr 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted pac...Show more InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet.Show less
CVE-2022-27270 1Inhandnetworks 1Inrouter 900 Firmware Nov 21, 2024 Apr 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted...Show more InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet.Show less
CVE-2022-27269 1Inhandnetworks 1Inrouter 900 Firmware Nov 21, 2024 Apr 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted pa...Show more InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet.Show less
CVE-2022-27268 1Inhandnetworks 1Inrouter 900 Firmware Nov 21, 2024 Apr 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a cr...Show more InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet.Show less
CVE-2021-36293 1Dell 1Emc Unity Operating Environment Nov 21, 2024 Apr 8, 2022 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.
CVE-2021-36287 1Dell 1Emc Unity Operating Environment Nov 21, 2024 Apr 8, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.
CVE-2022-26670 1Dlink 1Dir 878 Firmware Nov 21, 2024 Apr 7, 2022 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system o...Show more D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service.Show less

Previous 1...183184185...299 Next