Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-27 | CVE-2022-20797 | OS Command Injection vulnerability in Cisco Secure Network Analytics 2.1.1 A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. | 9.1 |
| 2022-05-25 | CVE-2022-29256 | OS Command Injection vulnerability in Sharp Project Sharp sharp is an application for Node.js image processing. | 6.7 |
| 2022-05-24 | CVE-2022-29337 | OS Command Injection vulnerability in Cdatatec Fd702Xw-X-R430 Firmware 2.1.13X001 C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. | 9.8 |
| 2022-05-24 | CVE-2022-26532 | OS Command Injection vulnerability in Zyxel products A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. | 7.8 |
| 2022-05-22 | CVE-2022-1813 | OS Command Injection vulnerability in Rengine Project Rengine OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. | 9.8 |
| 2022-05-20 | CVE-2022-31245 | OS Command Injection vulnerability in Mailcow Mailcow: Dockerized mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. | 8.8 |
| 2022-05-20 | CVE-2021-34111 | OS Command Injection vulnerability in Thecus N4800Eco Firmware Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php. | 9.8 |
| 2022-05-18 | CVE-2021-42852 | OS Command Injection vulnerability in Lenovo products A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device. | 8.0 |
| 2022-05-18 | CVE-2022-30105 | OS Command Injection vulnerability in Belkin N300 Firmware 1.00.08 In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. | 9.8 |
| 2022-05-18 | CVE-2022-29516 | OS Command Injection vulnerability in Fujitsu products The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors. | 9.8 |