Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-09-09 CVE-2021-39459 OS Command Injection vulnerability in Redaxo 5.12.1
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
network
low complexity
redaxo CWE-78
critical
9.0
2021-09-09 CVE-2021-40222 OS Command Injection vulnerability in Rittal CMC PU III 7030.000 Firmware 3.11.002/3.15.704
Rittal CMC PU III Web management Version affected: V3.11.00_2.
network
low complexity
rittal CWE-78
critical
9.0
2021-09-09 CVE-2021-34719 OS Command Injection vulnerability in Cisco IOS XR
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device.
local
low complexity
cisco CWE-78
7.2
2021-09-09 CVE-2021-34721 OS Command Injection vulnerability in Cisco IOS XR
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges.
local
cisco CWE-78
6.9
2021-09-09 CVE-2021-34722 OS Command Injection vulnerability in Cisco IOS XR
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges.
local
low complexity
cisco CWE-78
7.2
2021-09-09 CVE-2021-34728 OS Command Injection vulnerability in Cisco IOS XR
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device.
local
low complexity
cisco CWE-78
7.2
2021-09-08 CVE-2021-28571 OS Command Injection vulnerability in Adobe After Effects
Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts.
network
high complexity
adobe CWE-78
7.6
2021-09-08 CVE-2021-36182 OS Command Injection vulnerability in Fortinet Fortiweb
A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests
network
low complexity
fortinet CWE-78
6.5
2021-09-07 CVE-2021-39279 OS Command Injection vulnerability in Moxa products
Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP.
network
low complexity
moxa CWE-78
critical
9.0
2021-08-31 CVE-2021-27556 OS Command Injection vulnerability in Easycorp Zentao 12.5.3
The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.
network
low complexity
easycorp CWE-78
critical
9.0