Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-24 | CVE-2021-43589 | OS Command Injection vulnerability in Dell products Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. | 6.7 |
| 2022-01-24 | CVE-2021-44981 | OS Command Injection vulnerability in Quickbox In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. | 8.8 |
| 2022-01-19 | CVE-2021-31854 | OS Command Injection vulnerability in Mcafee Agent A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. | 7.8 |
| 2022-01-17 | CVE-2021-38965 | OS Command Injection vulnerability in IBM Filenet Content Manager 5.5.4/5.5.6/5.5.7 IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 8.8 |
| 2022-01-15 | CVE-2021-33827 | OS Command Injection vulnerability in Owncloud Files Antivirus The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. | 7.2 |
| 2022-01-14 | CVE-2021-33962 | OS Command Injection vulnerability in Chinamobileltd AN Lianbao WF Firmware-1 1.0.1 China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component. | 9.8 |
| 2022-01-12 | CVE-2022-20617 | OS Command Injection vulnerability in Jenkins Docker Commons Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository. | 8.8 |
| 2022-01-10 | CVE-2021-23154 | OS Command Injection vulnerability in Mirantis Lens In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. | 7.8 |
| 2022-01-05 | CVE-2021-43779 | OS Command Injection vulnerability in Teclib-Edition Addressing GLPI is an open source IT Asset Management, issue tracking system and service desk system. | 9.9 |
| 2022-01-04 | CVE-2021-45912 | OS Command Injection vulnerability in Controlup Real-Time Agent An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. | 7.8 |