Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-09 | CVE-2021-34722 | OS Command Injection vulnerability in Cisco IOS XR. Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. | 6.7 |
2021-09-09 | CVE-2021-34728 | OS Command Injection vulnerability in Cisco IOS XR. Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. | 7.8 |
2021-09-09 | CVE-2020-26300 | OS Command Injection vulnerability in Systeminformation. systeminformation is an npm package that provides a system and OS information library for node.js. | 9.8 |
2021-09-08 | CVE-2020-26772 | OS Command Injection vulnerability in Ppgo Jobs Project Ppgo Jobs 2.8.0. Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function. | 9.8 |
2021-09-08 | CVE-2021-36182 | OS Command Injection vulnerability in Fortinet Fortiweb. An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |
2021-09-07 | CVE-2021-39279 | OS Command Injection vulnerability in Moxa products. Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. | 8.8 |
2021-08-31 | CVE-2021-27556 | OS Command Injection vulnerability in Easycorp Zentao 12.5.3. The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. | 7.2 |
2021-08-30 | CVE-2021-35062 | OS Command Injection vulnerability in Testzentrum-Odw Testerfassung 202103. A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allows an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server. | 8.1 |
2021-08-30 | CVE-2021-33055 | OS Command Injection vulnerability in Zohocorp Manageengine Adselfservice Plus. Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions. | 9.8 |
2021-08-26 | CVE-2021-27944 | OS Command Injection vulnerability in Vizio E50X-E1 Firmware and P65-F1 Firmware. Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionality, leading to OS command execution. | 9.8 |