Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-08 | CVE-2021-36180 | OS Command Injection vulnerability in Fortinet Fortiweb Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. | 8.8 |
2021-12-08 | CVE-2021-20039 | OS Command Injection vulnerability in Sonicwall products Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. | 8.8 |
2021-12-08 | CVE-2021-20044 | OS Command Injection vulnerability in Sonicwall products A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote authenticated attacker to execute OS system commands in the appliance. | 8.8 |
2021-12-07 | CVE-2021-44684 | OS Command Injection vulnerability in Github-Todos Project Github-Todos naholyr github-todos 3.1.0 is vulnerable to command injection. | 9.8 |
2021-12-07 | CVE-2021-44685 | OS Command Injection vulnerability in Git-It Project Git-It Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. | 9.8 |
2021-12-06 | CVE-2021-43033 | OS Command Injection vulnerability in Kaseya Unitrends Backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. | 9.8 |
2021-12-01 | CVE-2021-20853 | OS Command Injection vulnerability in Elecom Wrh-733Gbk Firmware and Wrh-733Gwh Firmware ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. | 6.8 |
2021-12-01 | CVE-2021-20854 | OS Command Injection vulnerability in Elecom Wrh-733Gbk Firmware and Wrh-733Gwh Firmware ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. | 6.8 |
2021-12-01 | CVE-2021-20859 | OS Command Injection vulnerability in Elecom products ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors. | 8.0 |
2021-12-01 | CVE-2021-20863 | OS Command Injection vulnerability in Elecom products OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors. | 8.0 |