Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-23 | CVE-2021-26683 | OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. | 7.2 |
| 2021-02-23 | CVE-2021-26681 | OS Command Injection vulnerability in Arubanetworks Clearpass Policy Manager A remote authenticated command Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. | 7.2 |
| 2021-02-23 | CVE-2020-28429 | OS Command Injection vulnerability in Geojson2Kml Project Geojson2Kml All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. | 9.8 |
| 2021-02-22 | CVE-2021-26724 | OS Command Injection vulnerability in Nozominetworks Central Management Control and Guardian OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and CMC allows authenticated administrators to perform remote code execution. | 7.2 |
| 2021-02-22 | CVE-2021-3149 | OS Command Injection vulnerability in Netshieldcorp Nano 25 Firmware 10.2.18 On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command injection (after authentication by the attacker) because the system C library function is used unsafely. | 7.2 |
| 2021-02-19 | CVE-2020-36246 | OS Command Injection vulnerability in Amaze File Manager Project Amaze File Manager Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | 7.8 |
| 2021-02-19 | CVE-2019-25024 | OS Command Injection vulnerability in Alleghenycreative Openrepeater OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in the functions/ajax_system.php post_service parameter. | 9.8 |
| 2021-02-18 | CVE-2021-26747 | OS Command Injection vulnerability in Netis-Systems Wf2411 Firmware and Wf2780 Firmware Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. | 9.8 |
| 2021-02-18 | CVE-2020-28490 | OS Command Injection vulnerability in Async-Git Project Async-Git The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). | 9.8 |
| 2021-02-18 | CVE-2020-29664 | OS Command Injection vulnerability in DJI Mavic 2 Firmware A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. | 7.8 |