Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2021-34083 OS Command Injection vulnerability in Google-It Project Google-It
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format.
network
high complexity
google-it-project CWE-78
8.1
2022-06-02 CVE-2021-34084 OS Command Injection vulnerability in S3-Uploader Project S3-Uploader
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.
network
low complexity
s3-uploader-project CWE-78
critical
9.8
2022-06-02 CVE-2021-42872 OS Command Injection vulnerability in Totolink Ex1200T Firmware 4.1.2Cu.5215
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code.
network
low complexity
totolink CWE-78
critical
9.8
2022-06-02 CVE-2021-44080 OS Command Injection vulnerability in Sercomm H500S Firmware Lowih500Sv3.4.22
A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged-in administrators to execute arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint.
network
low complexity
sercomm CWE-78
7.2
2022-06-02 CVE-2022-30425 OS Command Injection vulnerability in Tenda HG6 Firmware 3.3.0210926
Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters.
network
low complexity
tenda CWE-78
8.8
2022-05-27 CVE-2022-20797 OS Command Injection vulnerability in Cisco Secure Network Analytics 2.1.1/7.4.1
A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system.
network
low complexity
cisco CWE-78
critical
9.1
2022-05-25 CVE-2022-29256 OS Command Injection vulnerability in Sharp Project Sharp
sharp is an application for Node.js image processing.
local
low complexity
sharp-project CWE-78
6.7
2022-05-24 CVE-2022-29337 OS Command Injection vulnerability in Cdatatec Fd702Xw-X-R430 Firmware 2.1.13X001
C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6.
network
low complexity
cdatatec CWE-78
critical
9.8
2022-05-24 CVE-2022-26532 OS Command Injection vulnerability in Zyxel products
An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.
local
low complexity
zyxel CWE-78
7.8
2022-05-22 CVE-2022-1813 OS Command Injection vulnerability in Rengine Project Rengine
OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.
network
low complexity
rengine-project CWE-78
critical
9.8