Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-12 | CVE-2022-20617 | OS Command Injection vulnerability in Jenkins Docker Commons Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository. | 8.8 |
| 2022-01-10 | CVE-2021-23154 | OS Command Injection vulnerability in Mirantis Lens In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. | 7.8 |
| 2022-01-05 | CVE-2021-43779 | OS Command Injection vulnerability in Teclib-Edition Addressing GLPI is an open source IT Asset Management, issue tracking system and service desk system. | 9.9 |
| 2022-01-04 | CVE-2021-45912 | OS Command Injection vulnerability in Controlup Real-Time Agent An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cuAgent.exe) before 8.5 potentially allows an attacker to run OS commands via the ProcessActionRequest WCF method. | 7.8 |
| 2022-01-04 | CVE-2021-45978 | OS Command Injection vulnerability in Foxit PDF Editor and PDF Reader Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via xfa.host.gotoURL in the XFA API. | 7.8 |
| 2022-01-04 | CVE-2021-45979 | OS Command Injection vulnerability in Foxit PDF Editor and PDF Reader Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via app.launchURL in the JavaScript API. | 7.8 |
| 2021-12-30 | CVE-2021-20159 | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. | 8.8 |
| 2021-12-30 | CVE-2021-20160 | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 2.08B01 Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. | 8.8 |
| 2021-12-30 | CVE-2021-20173 | OS Command Injection vulnerability in Netgear R6700 Firmware 1.0.4.120 Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. | 8.8 |
| 2021-12-28 | CVE-2021-35031 | OS Command Injection vulnerability in Zyxel products A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. | 8.0 |