Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-07-08 | CVE-2021-34614 | OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. | network, low complexity, arubanetworks, CWE-78 | 6.3 |
| 2021-07-08 | CVE-2021-34610 | OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. | network, low complexity, arubanetworks, CWE-78 | 7.2 |
| 2021-07-08 | CVE-2021-34611 | OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. | network, low complexity, arubanetworks, CWE-78 | 7.2 |
| 2021-07-07 | CVE-2021-20739 | OS Command Injection vulnerability in Elecom products | WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allow an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. | low complexity, elecom, CWE-78 | 8.8 |
| 2021-06-29 | CVE-2021-31838 | OS Command Injection vulnerability in Mcafee Mvision EDR 3.2.0/3.3.0 | A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'. | network, low complexity, mcafee, CWE-78 | critical 9.1 |
| 2021-06-28 | CVE-2021-23399 | OS Command Injection vulnerability in Wincred Project Wincred | This affects all versions of package wincred. | network, low complexity, wincred-project, CWE-78 | critical 9.8 |
| 2021-06-28 | CVE-2021-20740 | OS Command Injection vulnerability in multiple products | Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors. | network, low complexity, hitachi, nec, CWE-78 | 8.8 |
| 2021-06-28 | CVE-2021-20745 | OS Command Injection vulnerability in Inkdrop | Inkdrop versions prior to v5.3.1 allow an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop. | local, low complexity, inkdrop, CWE-78 | 7.8 |
| 2021-06-25 | CVE-2021-28958 | OS Command Injection vulnerability in Zohocorp Manageengine Adselfservice Plus | Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password. | network, low complexity, zohocorp, CWE-78 | critical 9.8 |
| 2021-06-25 | CVE-2021-35047 | OS Command Injection vulnerability in Fidelissecurity Deception and Network | Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components. | network, low complexity, fidelissecurity, CWE-78 | 8.8 |