Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-04-29 CVE-2021-1488 A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). 0.0
2021-04-29 CVE-2021-30233 Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1
The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter.
network
low complexity
chinamobile CWE-77
7.5
2021-04-29 CVE-2021-30232 Command Injection vulnerability in Chinamobile AN Lianbao Wf-1 Firmware 1.0.1
The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter.
network
low complexity
chinamobile CWE-77
7.5
2021-04-29 CVE-2021-25166 Command Injection vulnerability in Arubanetworks Airwave
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1.
network
low complexity
arubanetworks CWE-77
6.5
2021-04-25 CVE-2021-31726 Command Injection vulnerability in Akuvox C315 Firmware 115.116.2613
Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_server service.
network
low complexity
akuvox CWE-77
7.5
2021-04-23 CVE-2021-31607 Command Injection vulnerability in Saltstack Salt
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion.
local
low complexity
saltstack CWE-77
4.6
2021-04-22 CVE-2021-0253 Command Injection vulnerability in Juniper Junos 17.2/17.3/17.4
NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process.
local
low complexity
juniper CWE-77
4.6
2021-04-22 CVE-2021-0252 Command Injection vulnerability in Juniper Junos 18.1/18.2/18.3
NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allowing an attacker to elevate their privileges via the Junos Device Management Daemon (JDMD) process.
local
low complexity
juniper CWE-77
4.6
2021-04-19 CVE-2020-27241 Command Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3.
network
low complexity
openclinic-ga-project CWE-77
7.5
2021-04-19 CVE-2020-27240 Command Injection vulnerability in Openclinic GA Project Openclinic GA 5.173.3
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3.
network
low complexity
openclinic-ga-project CWE-77
7.5