Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-10 | CVE-2021-37158 | OS Command Injection vulnerability in Opengamepanel 20210814 An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. | 8.8 |
| 2021-11-08 | CVE-2021-42372 | OS Command Injection vulnerability in Xorux Lpar2Rrd and Stor2Rrd A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service. | 8.8 |
| 2021-11-04 | CVE-2021-40113 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: Log in with a default credential if the Telnet protocol is enabled Perform command injection Modify the configuration For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 |
| 2021-11-04 | CVE-2021-40120 | OS Command Injection vulnerability in Cisco Application Extension Platform and IOS XR A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. | 7.2 |
| 2021-11-04 | CVE-2020-25368 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05 A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. | 9.8 |
| 2021-11-04 | CVE-2020-25367 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05 A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. | 9.8 |
| 2021-11-02 | CVE-2021-43266 | OS Command Injection vulnerability in Mahara In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. | 7.3 |
| 2021-11-02 | CVE-2021-36185 | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |
| 2021-10-31 | CVE-2020-26707 | OS Command Injection vulnerability in Aaptjs Project Aaptjs 1.3.1 An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter. | 9.8 |
| 2021-10-31 | CVE-2020-36376 | OS Command Injection vulnerability in Aaptjs Project Aaptjs 1.3.1 An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | 9.8 |