Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-01-19 CVE-2021-31854 Command Injection vulnerability in Mcafee Agent
A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe.
network
mcafee CWE-77
critical
9.3
2022-01-18 CVE-2021-33965 Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which receives parameters by POST request, and the parameter mesh_enable and mesh_device have a command injection vulnerability.
network
low complexity
chinamobile CWE-77
6.5
2022-01-18 CVE-2021-33964 Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/set_firewall_level which receives parameters by POST request, and the parameter firewall_level has a command injection vulnerability.
network
low complexity
chinamobile CWE-77
6.5
2022-01-15 CVE-2021-33963 Command Injection vulnerability in Chinamobileltd AN Lianbao 2F Firmware-1 1.0.1
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability.
network
low complexity
chinamobileltd CWE-77
critical
10.0
2022-01-13 CVE-2022-22991 Command Injection vulnerability in Westerndigital MY Cloud OS
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call.
low complexity
westerndigital CWE-77
8.3
2022-01-13 CVE-2021-45807 Command Injection vulnerability in Jpress 4.2.0
jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall.
network
low complexity
jpress CWE-77
7.5
2022-01-13 CVE-2021-45806 Command Injection vulnerability in Jpress 4.2.0
jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.
network
low complexity
jpress CWE-77
6.5
2022-01-12 CVE-2021-42559 Command Injection vulnerability in Mitre Caldera
An issue was discovered in CALDERA 2.8.1.
network
low complexity
mitre CWE-77
6.5
2022-01-11 CVE-2021-38991 Command Injection vulnerability in IBM AIX and Vios
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution.
local
low complexity
ibm CWE-77
4.6
2022-01-10 CVE-2022-21668 Command Injection vulnerability in Pypa Pipenv
pipenv is a Python development workflow tool.
network
pypa CWE-77
critical
9.3