Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-18 | CVE-2021-26747 | OS Command Injection vulnerability in Netis-Systems Wf2411 Firmware and Wf2780 Firmware Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. | 9.8 |
| 2021-02-18 | CVE-2020-28490 | OS Command Injection vulnerability in Async-Git Project Async-Git The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). | 9.8 |
| 2021-02-18 | CVE-2020-29664 | OS Command Injection vulnerability in DJI Mavic 2 Firmware A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. | 7.8 |
| 2021-02-17 | CVE-2021-20655 | OS Command Injection vulnerability in Soliton Filezen FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | 7.2 |
| 2021-02-16 | CVE-2021-27104 | OS Command Injection vulnerability in Accellion FTA 912220/912370 Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints. | 9.8 |
| 2021-02-16 | CVE-2021-27102 | OS Command Injection vulnerability in Accellion FTA Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call. | 7.8 |
| 2021-02-16 | CVE-2021-20074 | OS Command Injection vulnerability in Racom M!Dge Firmware 4.4.40.105 Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. | 8.8 |
| 2021-02-16 | CVE-2021-21315 | OS Command Injection vulnerability in multiple products The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. | 7.8 |
| 2021-02-15 | CVE-2021-27201 | OS Command Injection vulnerability in Endian Firewall Community 3.3.2 Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in a backup comment. | 8.8 |
| 2021-02-15 | CVE-2020-24899 | OS Command Injection vulnerability in Nagios XI 5.7.2 Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. | 8.8 |