Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-01-17 CVE-2021-38965 OS Command Injection vulnerability in IBM Filenet Content Manager 5.5.4/5.5.6/5.5.7
IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
network | low complexity | ibm | CWE-78 | critical | 9.0
2022-01-15 CVE-2021-33827 OS Command Injection vulnerability in Owncloud Files Antivirus
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.
network | low complexity | owncloud | CWE-78 | critical | 9.0
2022-01-14 CVE-2021-33962 OS Command Injection vulnerability in Chinamobileltd AN Lianbao WF Firmware-1 1.0.1
China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component.
network | low complexity | chinamobileltd | CWE-78 | critical | 10.0
2022-01-12 CVE-2022-20617 OS Command Injection vulnerability in Jenkins Docker Commons 1.9
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository.
network | low complexity | jenkins | CWE-78 | 6.5
2022-01-10 CVE-2021-23154 OS Command Injection vulnerability in Mirantis Lens
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell.
network | mirantis | CWE-78 | critical | 9.3
2022-01-04 CVE-2021-45912 OS Command Injection vulnerability in Controlup Real-Time Agent
An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method.
local | low complexity | controlup | CWE-78 | 4.6
2021-12-28 CVE-2021-35031 OS Command Injection vulnerability in Zyxel products
A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.
low complexity | zyxel | CWE-78 | 7.7
2021-12-28 CVE-2021-35032 OS Command Injection vulnerability in Zyxel products
A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.
local | low complexity | zyxel | CWE-78 | 7.2
2021-12-23 CVE-2021-22657 OS Command Injection vulnerability in Myscada Mypro 7/7.0.26
mySCADA myPRO: Versions 8.20.0 and prior have a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
network | low complexity | myscada | CWE-78 | 7.5
2021-12-23 CVE-2021-23198 OS Command Injection vulnerability in Myscada Mypro 7/7.0.26
mySCADA myPRO: Versions 8.20.0 and prior have a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.
network | low complexity | myscada | CWE-78 | 7.5