Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-4029 1Zyxel 2Nbg6816 Firmware Nbg6817 Firmware Nov 21, 2024 Feb 24, 2022 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface.
CVE-2022-20650 1Cisco 1Nx Os Nov 21, 2024 Feb 23, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of...Show more A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default.Show less
CVE-2022-21143 1Airspan 5A5x Firmware C5c FirmwareC5x Firmware+2 more Nov 21, 2024 Feb 18, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow...Show more MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands.Show less
CVE-2021-46319 1Dlink 1Dir 846 Firmware Nov 21, 2024 Feb 17, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell...Show more Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands.This vulnerability is due to the fact that CVE-2019-17509 is not fully patched and can be bypassed by using line breaks or backticks on its basis.Show less
CVE-2021-46315 1Dlink 1Dir 846 Firmware Nov 21, 2024 Feb 17, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to us...Show more Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters to cause arbitrary command execution. Since CVE-2019-17510 vulnerability has not been patched and improved www/hnap1/control/setwizardconfig.php, can also use line breaks and backquotes to bypass.Show less
CVE-2021-46314 1Dlink 1Dir 846 Firmware Nov 21, 2024 Feb 17, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for...Show more A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.php of D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin because backticks can be used for command injection when judging whether it is a reasonable domain name.Show less
CVE-2021-45382 1Dlink 6Dir 810l Firmware Dir 820l FirmwareDir 820lw Firmware+3 more Nov 10, 2025 Feb 17, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L...Show more A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all hardware revisions, have reached their End of Life ("EOL") /End of Service Life ("EOS") Life-Cycle and as such this issue will not be patched.Show less
CVE-2021-3781 2Artifex Fedoraproject 2Fedora Ghostscript Nov 21, 2024 Feb 16, 2022 N/A· v4 9.9 CRITICAL· v3 9.3 HIGH· v2 A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary...Show more A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.Show less
CVE-2022-22945 1Vmware 2Cloud Foundation Nsx Data Center Nov 21, 2024 Feb 16, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root.
CVE-2021-26726 1Valmet 1Dna Nov 21, 2024 Feb 16, 2022 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012...Show more A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.Show less
CVE-2022-25175 1Jenkins 1Pipeline\ Nov 21, 2024 Feb 15, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS c...Show more Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier uses the same checkout directories for distinct SCMs for the readTrusted step, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.Show less
CVE-2022-25174 1Jenkins 1Pipeline\ Nov 21, 2024 Feb 15, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbi...Show more Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.Show less
CVE-2022-25173 1Jenkins 1Pipeline\ Nov 21, 2024 Feb 15, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configu...Show more Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses the same checkout directories for distinct SCMs when reading the script file (typically Jenkinsfile) for Pipelines, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents.Show less
CVE-2022-23389 1Publiccms 1Publiccms Nov 21, 2024 Feb 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.
CVE-2022-0557 1Microweber 1Microweber Nov 21, 2024 Feb 11, 2022 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-20708 1Cisco 4Rv340 Firmware Rv340w FirmwareRv345 Firmware+1 more Oct 28, 2025 Feb 10, 2022 N/A· v4 8.0 HIGH· v3 10.0 HIGH· v2 Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypa...Show more Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2021-26616 1Secuwiz 1Secuwayssl U Nov 21, 2024 Feb 9, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An OS command injection was found in SecuwaySSL, when special characters injection on execute command with runCommand arguments.
CVE-2021-43928 1Synology 1Mail Station Nov 21, 2024 Feb 7, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated...Show more Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 allows remote authenticated users to execute arbitrary commands via unspecified vectors.Show less
CVE-2022-24552 1Starwindsoftware 2Nas San Nov 21, 2024 Feb 6, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user acc...Show more A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges. This affects StarWind SAN and NAS v0.2 build 1633.Show less
CVE-2022-23611 1Itunesrpc Remastered Project 1Itunesrpc Remastered Nov 21, 2024 Feb 4, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has be...Show more iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users are advised to upgrade.Show less

Previous 1...188189190...299 Next