Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-04-18 CVE-2021-23377 OS Command Injection vulnerability in Onion-Oled-Js Project Onion-Oled-Js
This affects all versions of package onion-oled-js.
network
low complexity
onion-oled-js-project CWE-78
critical
 9.8
9.8
2021-04-18 CVE-2021-23376 OS Command Injection vulnerability in Ffmpegdotjs Project Ffmpegdotjs
This affects all versions of package ffmpegdotjs.
network
low complexity
ffmpegdotjs-project CWE-78
critical
 9.8
9.8
2021-04-18 CVE-2021-23375 OS Command Injection vulnerability in Psnode Project Psnode
This affects all versions of package psnode.
network
low complexity
psnode-project CWE-78
critical
 9.8
9.8
2021-04-18 CVE-2021-23374 OS Command Injection vulnerability in Ps-Visitor Project Ps-Visitor
This affects all versions of package ps-visitor.
network
low complexity
ps-visitor-project CWE-78
critical
 9.8
9.8
2021-04-16 CVE-2021-27692 OS Command Injection vulnerability in Tendacn G1 Firmware and G3 Firmware
Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request.
network
low complexity
tendacn CWE-78
critical
 9.8
9.8
2021-04-16 CVE-2021-27691 OS Command Injection vulnerability in Tendacn G0 Firmware, G1 Firmware and G3 Firmware
Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN , and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted action/setDebugCfg request.
network
low complexity
tendacn CWE-78
critical
 9.8
9.8
2021-04-14 CVE-2021-29449 OS Command Injection vulnerability in Pi-Hole
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application.
local
low complexity
pi-hole CWE-78
7.8
7.8
2021-04-14 CVE-2021-27710 OS Command Injection vulnerability in Totolink A720R Firmware and X5000R Firmware
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2021-04-14 CVE-2021-27708 OS Command Injection vulnerability in Totolink A720R Firmware and X5000R Firmware
Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modified HTTP request.
network
low complexity
totolink CWE-78
critical
 9.8
9.8
2021-04-14 CVE-2021-27113 OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05
An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices.
network
low complexity
dlink CWE-78
critical
 9.8
9.8