Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-02-17 | CVE-2021-46319 | OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A43/100A53Dla | Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. | 9.8 |
2022-02-17 | CVE-2021-45382 | OS Command Injection vulnerability in Dlink products | A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. | 9.8 |
2022-02-17 | CVE-2021-46314 | OS Command Injection vulnerability in Dlink Dir-846 Firmware 100A43/100A53Dla | A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name. | 9.8 |
2022-02-16 | CVE-2021-3781 | OS Command Injection vulnerability in multiple products | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. | 9.9 |
2022-02-16 | CVE-2022-22945 | OS Command Injection vulnerability in VMWare Cloud Foundation and NSX Data Center | VMware NSX Edge contains a CLI shell injection vulnerability. | 7.8 |
2022-02-15 | CVE-2022-25173 | OS Command Injection vulnerability in Jenkins Pipeline: Groovy | Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 |
2022-02-15 | CVE-2022-25174 | OS Command Injection vulnerability in Jenkins Pipeline: Shared Groovy Libraries | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 |
2022-02-15 | CVE-2022-25175 | OS Command Injection vulnerability in Jenkins Pipeline: Multibranch | Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. | 8.8 |
2022-02-14 | CVE-2022-23389 | OS Command Injection vulnerability in Publiccms 4.0 | PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. | 9.8 |
2022-02-11 | CVE-2022-0557 | OS Command Injection vulnerability in Microweber | OS Command Injection in Packagist microweber/microweber prior to 1.2.11. | 7.2 |