Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2021-1594 | OS Command Injection vulnerability in Cisco Identity Services Engine A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. | 8.1 |
| 2021-10-06 | CVE-2021-34710 | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. | 8.8 |
| 2021-10-06 | CVE-2021-34748 | OS Command Injection vulnerability in Cisco Intersight Virtual Appliance 1.0.9150/1.0.9230/1.0.9292 A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. | 8.8 |
| 2021-10-04 | CVE-2021-22557 | OS Command Injection vulnerability in Google SLO Generator SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. | 7.8 |
| 2021-09-29 | CVE-2021-35028 | OS Command Injection vulnerability in Zyxel Zywall Vpn2S Firmware 1.12(Abln.0)C0 A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands. | 7.8 |
| 2021-09-27 | CVE-2021-20035 | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. | 6.5 |
| 2021-09-27 | CVE-2021-31605 | OS Command Injection vulnerability in Openvpn-Monitor Project Openvpn-Monitor furlongm openvpn-monitor through 1.1.3 allows %0a command injection via the OpenVPN management interface socket. | 7.5 |
| 2021-09-23 | CVE-2021-34725 | OS Command Injection vulnerability in Cisco IOS XE Sd-Wan A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. | 6.7 |
| 2021-09-23 | CVE-2021-34726 | OS Command Injection vulnerability in Cisco Sd-Wan A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system of an affected device. | 6.7 |
| 2021-09-23 | CVE-2021-34729 | OS Command Injection vulnerability in Cisco IOS XE and IOS XE Sd-Wan A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected device. | 6.7 |