Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) — Vulnerability Class 2676

2676 vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm. — ruby-arr-pm 7.0 High2022-09-21
CVE-2022-3133 OS Command Injection in jgraph/drawio — jgraph/drawio 8.8 -2022-09-09
CVE-2022-34883 OS Command Injection Vulnerability in RAID Manager Storage Replication Adapter — RAID Manager Storage Replication Adapter 7.2 High2022-09-06
CVE-2022-3008 Command Injection on tinygltf — tinygltf 8.1 High2022-09-05
CVE-2022-34374 Dell Container Storage Modules 操作系统命令注入漏洞 — Dell Container Storage Modules 8.8 High2022-08-30
CVE-2022-31232 Dell SmartFabric Storage Software 操作系统命令注入漏洞 — Smart Fabric Storage Software 8.6 High2022-08-30
CVE-2022-37056 D-Link GO-RT-AC750 操作系统命令注入漏洞 — n/a 9.8 -2022-08-28
CVE-2022-20865 Cisco FXOS Software Command Injection Vulnerability — Cisco Firepower Extensible Operating System (FXOS) 6.7 Medium2022-08-25
CVE-2022-38132 Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. — MR8300 Router 8.2 High2022-08-23
CVE-2022-1513 Lenovo Pcmanager 操作系统命令注入漏洞 — PCManager 7.3 High2022-08-23
CVE-2022-32572 WWBN AVideo 操作系统命令注入漏洞 — AVideo 8.8 -2022-08-22
CVE-2022-30534 WWBN AVideo 操作系统命令注入漏洞 — AVideo 8.8 -2022-08-22
CVE-2022-35976 Improper KubeConfig handling allows arbitrary code execution — vscode-gitops-tools 5.2 Medium2022-08-18
CVE-2022-35975 Improper object validation allows for arbitrary code execution in GitOps Tools Extension for VSCode — vscode-gitops-tools 9.0 Critical2022-08-18
CVE-2022-1410 Remote Code Execution in Device42 ApplianceManager console — CMDB 8.0 High2022-08-16
CVE-2022-36309 Airspan AirVelocity 1500 操作系统命令注入漏洞 — AirVelocity 9.8 -2022-08-16
CVE-2022-2314 VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call — VR Calendar 9.8 -2022-08-15
CVE-2022-22140 TCL LinkHub Mesh Wi-Fi 操作系统命令注入漏洞 — LinkHub Mesh Wifi 9.8 -2022-08-05
CVE-2022-21178 TCL LinkHub Mesh Wi-Fi 操作系统命令注入漏洞 — LinkHub Mesh Wifi 9.8 -2022-08-05
CVE-2022-25168 Command injection in org.apache.hadoop.fs.FileUtil.unTarUsingTar — Apache Hadoop 9.8 -2022-08-04
CVE-2022-27616 Synology DiskStation Manager 操作系统命令注入漏洞 — DiskStation Manager (DSM) 7.2 High2022-08-03
CVE-2022-22684 Synology DiskStation Manager 操作系统命令注入漏洞 — DiskStation Manager (DSM) 7.2 High2022-07-28
CVE-2022-2550 OS Command Injection in hestiacp/hestiacp — hestiacp/hestiacp 9.8 -2022-07-27
CVE-2022-33923 Dell EMC PowerStore 操作系统命令注入漏洞 — PowerStore 6.4 Medium2022-07-20
CVE-2022-22555 Dell EMC PowerStore 操作系统命令注入漏洞 — PowerStore 6.0 Medium2022-07-20
CVE-2022-2488 WAVLINK WN535K2/WN535K3 touchlist_sync.cgi os command injection — WN535K2 8.0 High2022-07-20
CVE-2022-2487 WAVLINK WN535K2/WN535K3 nightled.cgi os command injection — WN535K2 8.0 High2022-07-20
CVE-2022-2486 WAVLINK WN535K2/WN535K3 os command injection — WN535K2 8.0 High2022-07-20
CVE-2022-33891 Apache Spark shell command injection vulnerability via Spark UI — Apache Spark 8.8 -2022-07-18
CVE-2022-34753 Schneider Electric SpaceLogic C-Bus Home Controller 操作系统命令注入漏洞 — SpaceLogic C-Bus Home Controller 8.8 High2022-07-13

Vulnerabilities classified as CWE-78 (OS命令中使用的特殊元素转义处理不恰当(OS命令注入)) represent 2676 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.