Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-26 | CVE-2021-21372 | OS Command Injection vulnerability in Nim-Lang NIM Nimble is a package manager for the Nim programming language. | 8.8 |
| 2021-03-26 | CVE-2020-28695 | OS Command Injection vulnerability in Askey Rtf3505Vw-N1 BR SV G000 R3505Vwn1001 S32 7 Firmware Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or login via SSH, leading to code execution as root. | 8.8 |
| 2021-03-26 | CVE-2021-20682 | OS Command Injection vulnerability in Basercms baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | 7.2 |
| 2021-03-25 | CVE-2020-10583 | OS Command Injection vulnerability in Invigo Automatic Device Management 5.0 The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application. | 8.8 |
| 2021-03-25 | CVE-2020-1946 | OS Command Injection vulnerability in multiple products In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. | 9.8 |
| 2021-03-24 | CVE-2021-1443 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying operating system of an affected device. | 7.2 |
| 2021-03-24 | CVE-2021-1441 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. | 6.7 |
| 2021-03-24 | CVE-2021-1384 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. | 7.2 |
| 2021-03-24 | CVE-2021-1382 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. | 6.7 |
| 2021-03-23 | CVE-2021-21345 | OS Command Injection vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. | 9.9 |