Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-05-24 | CVE-2021-20557 | OS Command Injection vulnerability in IBM Security Guardium 11.2 | IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.2 |
2021-05-21 | CVE-2021-33514 | OS Command Injection vulnerability in Netgear products | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field. | 9.8 |
2021-05-20 | CVE-2021-20719 | OS Command Injection vulnerability in Nippon-Antenna Rfntps Firmware System01000004/Web01000004 | RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 and earlier allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors. | 6.8 |
2021-05-18 | CVE-2021-31324 | OS Command Injection vulnerability in Control-Webpanel Webpanel | The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution. | 9.8 |
2021-05-18 | CVE-2021-32305 | OS Command Injection vulnerability in Websvn | WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. | 9.8 |
2021-05-13 | CVE-2020-36198 | OS Command Injection vulnerability in Qnap Malware Remover | A command injection vulnerability has been reported to affect certain versions of Malware Remover. | 6.7 |
2021-05-11 | CVE-2021-32605 | OS Command Injection vulnerability in Zzzcms Zzzphp | zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | 9.8 |
2021-05-11 | CVE-2021-31915 | OS Command Injection vulnerability in Jetbrains Teamcity | In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. | 9.8 |
2021-05-10 | CVE-2021-23012 | OS Command Injection vulnerability in F5 products | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. | 8.2 |
2021-05-07 | CVE-2021-32090 | OS Command Injection vulnerability in Localstack 0.12.6 | The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter. | 9.8 |