Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-09-15 CVE-2020-19151 Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
network
low complexity
CWE-77
6.5
2021-09-09 CVE-2020-26300 Command Injection vulnerability in Systeminformation
systeminformation is an npm package that provides system and OS information library for node.js.
network
low complexity
systeminformation CWE-77
7.5
2021-09-08 CVE-2020-26772 Command Injection vulnerability in Ppgo Jobs Project Ppgo Jobs 2.8.0
Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function.
network
low complexity
ppgo-jobs-project CWE-77
7.5
2021-09-07 CVE-2021-37145 Command Injection vulnerability in Poly Cx5100 Firmware and Cx5500 Firmware
** UNSUPPORTED WHEN ASSIGNED ** A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability.
network
low complexity
poly CWE-77
6.5
2021-09-07 CVE-2021-37717 Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16.
network
low complexity
arubanetworks CWE-77
critical
9.0
2021-09-07 CVE-2021-37718 Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4, 8.6.0.7, 8.5.0.12, 8.3.0.16.
network
low complexity
arubanetworks CWE-77
critical
9.0
2021-09-07 CVE-2021-37719 Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25.
network
low complexity
arubanetworks CWE-77
critical
9.0
2021-09-07 CVE-2021-37720 Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25.
network
low complexity
arubanetworks CWE-77
critical
9.0
2021-09-07 CVE-2021-37721 Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25.
network
low complexity
arubanetworks CWE-77
critical
9.0
2021-09-07 CVE-2021-37722 Command Injection vulnerability in Arubanetworks Arubaos and Sd-Wan
A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25.
network
low complexity
arubanetworks CWE-77
critical
9.0