Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-24 | CVE-2021-33525 | OS Command Injection vulnerability in Eyesofnetwork EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell. | 8.8 |
| 2021-05-24 | CVE-2021-29300 | OS Command Injection vulnerability in Ronomon Opened The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which would allow a remote attacker to execute commands on the system if the library was used with untrusted input. | 9.8 |
| 2021-05-24 | CVE-2021-20557 | OS Command Injection vulnerability in IBM Security Guardium 11.2 IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 7.2 |
| 2021-05-21 | CVE-2021-33514 | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field. | 9.8 |
| 2021-05-20 | CVE-2021-20719 | OS Command Injection vulnerability in Nippon-Antenna Rfntps Firmware System01000004/Web01000004 RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 and earlier allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors. | 6.8 |
| 2021-05-18 | CVE-2021-31324 | OS Command Injection vulnerability in Control-Webpanel Webpanel The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution. | 9.8 |
| 2021-05-18 | CVE-2021-32305 | OS Command Injection vulnerability in Websvn WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. | 9.8 |
| 2021-05-13 | CVE-2020-36198 | OS Command Injection vulnerability in Qnap Malware Remover A command injection vulnerability has been reported to affect certain versions of Malware Remover. | 6.7 |
| 2021-05-11 | CVE-2021-32605 | OS Command Injection vulnerability in Zzzcms Zzzphp zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | 9.8 |
| 2021-05-11 | CVE-2021-31915 | OS Command Injection vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible. | 9.8 |