Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-05-27 CVE-2022-20797 OS Command Injection vulnerability in Cisco Secure Network Analytics 2.1.1
A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system.
network
low complexity
cisco CWE-78
critical
9.1
2022-05-25 CVE-2022-29256 OS Command Injection vulnerability in Sharp Project Sharp
sharp is an application for Node.js image processing.
local
low complexity
sharp-project CWE-78
6.7
2022-05-24 CVE-2022-29337 OS Command Injection vulnerability in Cdatatec Fd702Xw-X-R430 Firmware 2.1.13X001
C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6.
network
low complexity
cdatatec CWE-78
critical
9.8
2022-05-24 CVE-2022-26532 OS Command Injection vulnerability in Zyxel products
An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
local
low complexity
zyxel CWE-78
7.8
2022-05-22 CVE-2022-1813 OS Command Injection vulnerability in Rengine Project Rengine
OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.
network
low complexity
rengine-project CWE-78
critical
9.8
2022-05-20 CVE-2022-31245 OS Command Injection vulnerability in Mailcow Mailcow: Dockerized
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.
network
low complexity
mailcow CWE-78
8.8
2022-05-20 CVE-2021-34111 OS Command Injection vulnerability in Thecus N4800Eco Firmware
Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.
network
low complexity
thecus CWE-78
critical
9.8
2022-05-18 CVE-2021-42852 OS Command Injection vulnerability in Lenovo products
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
low complexity
lenovo CWE-78
8.0
2022-05-18 CVE-2022-30105 OS Command Injection vulnerability in Belkin N300 Firmware 1.00.08
In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities.
network
low complexity
belkin CWE-78
critical
9.8
2022-05-18 CVE-2022-29516 OS Command Injection vulnerability in Fujitsu products
The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.
network
low complexity
fujitsu CWE-78
critical
9.8