Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-25 | CVE-2021-35049 | OS Command Injection vulnerability in Fidelissecurity Deception and Network: Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. | 8.8 |
2021-06-23 | CVE-2021-21809 | OS Command Injection vulnerability in Moodle 3.10.0: A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. | 9.1 |
2021-06-21 | CVE-2021-31769 | OS Command Injection vulnerability in Myq-Solution MYQ Server: MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. | 8.8 |
2021-06-16 | CVE-2020-25755 | OS Command Injection vulnerability in Enphase Envoy Firmware D4.0/R3.0: An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. | 8.8 |
2021-06-12 | CVE-2021-32556 | OS Command Injection vulnerability in Canonical Apport: It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. | 3.3 |
2021-06-09 | CVE-2021-33357 | OS Command Injection vulnerability in Raspap: A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands. | 9.8 |
2021-06-09 | CVE-2021-33358 | OS Command Injection vulnerability in Raspap: Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands. | 8.8 |
2021-06-09 | CVE-2021-33841 | OS Command Injection vulnerability in Circutor Sge-Plc1000 Firmware 0.9.2B: SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. | 9.8 |
2021-06-09 | CVE-2021-20731 | OS Command Injection vulnerability in Buffalo Wsr-1166Dhp3 Firmware and Wsr-1166Dhp4 Firmware: WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. | 8.8 |
2021-06-08 | CVE-2021-26472 | OS Command Injection vulnerability in Vembu BDR Suite and Offsite DR: In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. | 9.8 |