Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-10 | CVE-2021-3061 | OS Command Injection vulnerability in Paloaltonetworks Pan-Os: An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. | 7.2 |
2021-11-10 | CVE-2021-39474 | OS Command Injection vulnerability in Ubeeinteractive Ubc1319 Firmware 1319010201R009: Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. | 7.2 |
2021-11-10 | CVE-2021-37158 | OS Command Injection vulnerability in Opengamepanel 20210814: An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. | 8.8 |
2021-11-08 | CVE-2021-42372 | OS Command Injection vulnerability in Xorux Lpar2Rrd and Stor2Rrd: A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service. | 8.8 |
2021-11-04 | CVE-2021-40113 | OS Command Injection vulnerability in Cisco products: Multiple vulnerabilities in the web-based management interface of the Cisco Catalyst Passive Optical Network (PON) Series Switches Optical Network Terminal (ONT) could allow an unauthenticated, remote attacker to perform the following actions: log in with a default credential if the Telnet protocol is enabled; perform command injection; modify the configuration. For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 |
2021-11-04 | CVE-2021-40120 | OS Command Injection vulnerability in Cisco Application Extension Platform and IOS XR: A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. | 7.2 |
2021-11-04 | CVE-2020-25368 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.02B05: A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. | 9.8 |
2021-11-04 | CVE-2020-25367 | OS Command Injection vulnerability in Dlink Dir-823G Firmware 1.0.2B05: A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. | 9.8 |
2021-11-02 | CVE-2021-43266 | OS Command Injection vulnerability in Mahara: In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could lead to code execution via shell metacharacters in a collection name. | 7.3 |
2021-11-02 | CVE-2021-36185 | OS Command Injection vulnerability in Fortinet Fortiwlm: An improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |