Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-08-16 CVE-2021-21599 OS Command Injection vulnerability in Dell EMC Powerscale Onefs
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability.
local
low complexity
dell CWE-78
6.7
6.7
2021-08-16 CVE-2021-32826 OS Command Injection vulnerability in Proxyee-Down Project Proxyee-Down
Proxyee-Down is open source proxy software.
network
high complexity
proxyee-down-project CWE-78
8.1
8.1
2021-08-16 CVE-2021-37708 OS Command Injection vulnerability in Shopware
Shopware is an open source eCommerce platform.
network
low complexity
shopware CWE-78
critical
 9.8
9.8
2021-08-16 CVE-2021-23422 OS Command Injection vulnerability in Bikeshed Project Bikeshed
This affects the package bikeshed before 3.0.0.
local
low complexity
bikeshed-project CWE-78
7.8
7.8
2021-08-16 CVE-2021-3708 OS Command Injection vulnerability in Dlink Dsl-2750U Firmware 1.11
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection.
local
low complexity
dlink CWE-78
7.8
7.8
2021-08-13 CVE-2021-36380 OS Command Injection vulnerability in Sunhillo Sureline
Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.
network
low complexity
sunhillo CWE-78
critical
 9.8
9.8
2021-08-13 CVE-2021-37028 OS Command Injection vulnerability in Huawei Hg8045Q Firmware V300R016C00Spc110/V300R018C10
There is a command injection vulnerability in the HG8045Q product.
local
low complexity
huawei CWE-78
6.7
6.7
2021-08-13 CVE-2021-37344 OS Command Injection vulnerability in Nagios XI Switch Wizard
Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper neutralisation of special elements used in an OS Command (OS Command injection).
network
low complexity
nagios CWE-78
critical
 9.8
9.8
2021-08-13 CVE-2021-37346 OS Command Injection vulnerability in Nagios XI Watchguard Wizard
Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection).
network
low complexity
nagios CWE-78
critical
 9.8
9.8
2021-08-12 CVE-2021-31698 OS Command Injection vulnerability in Quectel Eg25-G Firmware
Quectel EG25-G devices through 202006130814 allow executing arbitrary code remotely by using an AT command to place shell metacharacters in quectel_handle_fumo_cfg input in atfwd_daemon.
network
low complexity
quectel CWE-78
critical
 9.8
9.8