Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-21 | CVE-2021-23360 | OS Command Injection vulnerability in Killport Project Killport 1.0.0/1.0.1 This affects the package killport before 1.0.2. | 8.8 |
| 2021-03-21 | CVE-2021-28961 | OS Command Injection vulnerability in Openwrt 19.07.0 applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | 8.8 |
| 2021-03-18 | CVE-2021-23359 | OS Command Injection vulnerability in Port-Killer Project Port-Killer This affects all versions of package port-killer. | 8.8 |
| 2021-03-15 | CVE-2021-23356 | OS Command Injection vulnerability in Kill-Process-By-Name Project Kill-Process-By-Name This affects all versions of package kill-process-by-name. | 9.8 |
| 2021-03-15 | CVE-2021-23355 | OS Command Injection vulnerability in Ps-Kill Project Ps-Kill This affects all versions of package ps-kill. | 9.8 |
| 2021-03-13 | CVE-2021-20017 | OS Command Injection vulnerability in Sonicwall Sma100 Firmware 10.2.0.0/10.2.0.220Sv/10.2.0.5 A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. | 8.8 |
| 2021-03-11 | CVE-2021-28143 | OS Command Injection vulnerability in Dlink Dir-841 Firmware 3.03/3.04 /jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, ping6, or traceroute (under System Tools). | 8.0 |
| 2021-03-11 | CVE-2021-28144 | OS Command Injection vulnerability in Dlink Dir-3060 Firmware prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, which calls popen unsafely. | 8.8 |
| 2021-03-11 | CVE-2021-28132 | OS Command Injection vulnerability in Lucysecurity Security Awareness LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file. | 9.8 |
| 2021-03-09 | CVE-2021-24033 | OS Command Injection vulnerability in Facebook React-Dev-Utils react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. | 5.6 |