Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-04-09 CVE-2021-21433 OS Command Injection vulnerability in Demon1A Discord-Recon 0.0.1
Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord.
network
low complexity
demon1a CWE-78
8.8
2021-04-09 CVE-2020-21883 OS Command Injection vulnerability in Indionetworks products
Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain an OS command injection vulnerability in /tools/ping, which can lead to complete device takeover.
network
low complexity
indionetworks CWE-78
8.8
2021-04-08 CVE-2021-1473 OS Command Injection vulnerability in Cisco products
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers.
network
low complexity
cisco CWE-78
critical
9.8
2021-04-07 CVE-2021-28927 OS Command Injection vulnerability in Libretro Retroarch 1.9.0/1.9.1
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platform_win32.c via the accessibility_speak_windows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection using specially crafted file and directory names.
local
low complexity
libretro CWE-78
7.8
2021-04-06 CVE-2021-28204 OS Command Injection vulnerability in Asus products
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter.
network
low complexity
asus CWE-78
7.2
2021-04-06 CVE-2021-28203 OS Command Injection vulnerability in Asus products
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter.
network
low complexity
asus CWE-78
7.2
2021-04-02 CVE-2020-27600 OS Command Injection vulnerability in Dlink Dir-846 Firmware A1100.26
HNAP1/control/SetMasterWLanSettings.php in D-Link Router DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter.
network
low complexity
dlink CWE-78
critical
9.8
2021-04-02 CVE-2021-28113 OS Command Injection vulnerability in Okta Access Gateway
A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.
network
low complexity
okta CWE-78
6.7
2021-04-01 CVE-2021-29083 OS Command Injection vulnerability in Synology Diskstation Manager
Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via the realname parameter.
network
low complexity
synology CWE-78
7.2
2021-03-31 CVE-2021-23348 OS Command Injection vulnerability in Portprocesses Project Portprocesses
This affects the package portprocesses before 1.0.5.
network
low complexity
portprocesses-project CWE-78
8.8