Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-19 | CVE-2021-31854 | OS Command Injection vulnerability in Mcafee Agent A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. | 7.8 |
| 2022-01-17 | CVE-2021-38965 | OS Command Injection vulnerability in IBM Filenet Content Manager 5.5.4/5.5.6/5.5.7 IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2022-01-15 | CVE-2021-33827 | OS Command Injection vulnerability in Owncloud Files Antivirus The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. | 7.2 |
| 2022-01-14 | CVE-2021-33962 | OS Command Injection vulnerability in Chinamobileltd AN Lianbao WF Firmware-1 1.0.1 China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. | 9.8 |
| 2022-01-12 | CVE-2022-20617 | OS Command Injection vulnerability in Jenkins Docker Commons Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository. | 8.8 |
| 2022-01-10 | CVE-2021-23154 | OS Command Injection vulnerability in Mirantis Lens In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. | 7.8 |
| 2022-01-05 | CVE-2021-43779 | OS Command Injection vulnerability in Teclib-Edition Addressing GLPI is an open source IT Asset Management, issue tracking system and service desk system. | 9.9 |
| 2022-01-04 | CVE-2021-45912 | OS Command Injection vulnerability in Controlup Real-Time Agent An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. | 7.8 |
| 2022-01-04 | CVE-2021-45978 | OS Command Injection vulnerability in Foxit PDF Editor and PDF Reader Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API. | 7.8 |
| 2022-01-04 | CVE-2021-45979 | OS Command Injection vulnerability in Foxit PDF Editor and PDF Reader Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API. | 7.8 |