Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-02 | CVE-2021-28113 | OS Command Injection vulnerability in Okta Access Gateway A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. | 6.7 |
| 2021-04-01 | CVE-2021-29083 | OS Command Injection vulnerability in Synology Diskstation Manager Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute arbitrary code via realname parameter. | 7.2 |
| 2021-03-31 | CVE-2021-23348 | OS Command Injection vulnerability in Portprocesses Project Portprocesses This affects the package portprocesses before 1.0.5. | 8.8 |
| 2021-03-30 | CVE-2021-23363 | OS Command Injection vulnerability in Kill-By-Port Project Kill-By-Port 0.0.1 This affects the package kill-by-port before 0.0.2. | 8.8 |
| 2021-03-30 | CVE-2021-26810 | OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10B05 D-link DIR-816 A2 v1.10 is affected by a remote code injection vulnerability. | 9.8 |
| 2021-03-30 | CVE-2021-25162 | OS Command Injection vulnerability in multiple products A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. | 8.1 |
| 2021-03-30 | CVE-2021-25150 | OS Command Injection vulnerability in multiple products A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. | 8.8 |
| 2021-03-30 | CVE-2021-25146 | OS Command Injection vulnerability in multiple products A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. | 7.2 |
| 2021-03-29 | CVE-2020-24636 | OS Command Injection vulnerability in multiple products A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. | 9.8 |
| 2021-03-29 | CVE-2020-24635 | OS Command Injection vulnerability in multiple products A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. | 7.2 |