Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-09-14 CVE-2021-23031 OS Command Injection vulnerability in F5 products
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility.
network
low complexity
f5 CWE-78
critical
9.9
2021-09-14 CVE-2021-37531 OS Command Injection vulnerability in SAP Netweaver Knowledge Management XML Forms
SAP NetWeaver Knowledge Management XML Forms versions 7.10, 7.11, 7.30, 7.31, 7.40, and 7.50 contain an XSLT vulnerability that allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system, and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file.
network
low complexity
sap CWE-78
8.8
2021-09-09 CVE-2021-39459 OS Command Injection vulnerability in Redaxo 5.12.1
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
network
low complexity
redaxo CWE-78
7.2
2021-09-09 CVE-2021-40222 OS Command Injection vulnerability in Rittal CMC PU III 7030.000 Firmware 3.11.002/3.15.704
Rittal CMC PU III Web management Version affected: V3.11.00_2.
network
low complexity
rittal CWE-78
7.2
2021-09-09 CVE-2021-34719 OS Command Injection vulnerability in Cisco IOS XR
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device.
local
low complexity
cisco CWE-78
7.8
2021-09-09 CVE-2021-34721 OS Command Injection vulnerability in Cisco IOS XR
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges.
local
low complexity
cisco CWE-78
6.7
2021-09-09 CVE-2021-34722 OS Command Injection vulnerability in Cisco IOS XR
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges.
local
low complexity
cisco CWE-78
6.7
2021-09-09 CVE-2021-34728 OS Command Injection vulnerability in Cisco IOS XR
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device.
local
low complexity
cisco CWE-78
7.8
2021-09-09 CVE-2020-26300 OS Command Injection vulnerability in Systeminformation
systeminformation is an npm package that provides a system and OS information library for Node.js.
network
low complexity
systeminformation CWE-78
critical
9.8
2021-09-08 CVE-2020-26772 OS Command Injection vulnerability in Ppgo Jobs Project Ppgo Jobs 2.8.0
Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execute arbitrary code via the 'AjaxRun()' function.
network
low complexity
ppgo-jobs-project CWE-78
critical
9.8