Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-12-09 CVE-2021-20144 OS Command Injection vulnerability in Gryphonconnect Gryphon Tower Firmware
An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the controller_server service on Gryphon Tower routers.
low complexity
gryphonconnect CWE-78
8.8
2021-12-09 CVE-2021-21954 OS Command Injection vulnerability in Anker Eufy Homebase 2 Firmware 2.1.6.9H
A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h.
network
low complexity
anker CWE-78
critical
9.9
2021-12-09 CVE-2021-42759 OS Command Injection vulnerability in Fortinet Meru Firmware
A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows an attacker to execute unauthorized code or commands via crafted CLI commands.
local
low complexity
fortinet CWE-78
6.7
2021-12-08 CVE-2021-23862 OS Command Injection vulnerability in Bosch products
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context.
network
low complexity
bosch CWE-78
7.2
2021-12-08 CVE-2021-36195 OS Command Injection vulnerability in Fortinet Fortiweb
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.
network
low complexity
fortinet CWE-78
8.8
2021-12-08 CVE-2021-36180 OS Command Injection vulnerability in Fortinet Fortiweb
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
network
low complexity
fortinet CWE-78
8.8
2021-12-08 CVE-2021-20039 OS Command Injection vulnerability in Sonicwall products
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST HTTP method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user.
network
low complexity
sonicwall CWE-78
8.8
2021-12-08 CVE-2021-20044 OS Command Injection vulnerability in Sonicwall products
A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance.
network
low complexity
sonicwall CWE-78
8.8
2021-12-07 CVE-2021-44684 OS Command Injection vulnerability in Github-Todos Project Github-Todos
naholyr github-todos 3.1.0 is vulnerable to command injection.
network
low complexity
github-todos-project CWE-78
critical
9.8
2021-12-07 CVE-2021-44685 OS Command Injection vulnerability in Git-It Project Git-It
Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step.
network
low complexity
git-it-project CWE-78
critical
9.8