Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2021-06-29 CVE-2021-31838 OS Command Injection vulnerability in McAfee MVISION EDR 3.2.0/3.3.0
A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4.0 allows an authenticated MVEDR administrator to trigger the EDR client to execute arbitrary commands through PowerShell using the EDR functionality 'execute reaction'.
network
low complexity
mcafee CWE-78
critical
9.1
2021-06-28 CVE-2021-23399 OS Command Injection vulnerability in Wincred Project Wincred
This affects all versions of package wincred.
network
low complexity
wincred-project CWE-78
critical
9.8
2021-06-28 CVE-2021-20740 OS Command Injection vulnerability in multiple products
Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.
network
low complexity
hitachi nec CWE-78
8.8
2021-06-28 CVE-2021-20745 OS Command Injection vulnerability in Inkdrop
Inkdrop versions prior to v5.3.1 allow an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.
local
low complexity
inkdrop CWE-78
7.8
2021-06-25 CVE-2021-28958 OS Command Injection vulnerability in Zohocorp ManageEngine ADSelfService Plus
Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execution while changing the password.
network
low complexity
zohocorp CWE-78
critical
9.8
2021-06-25 CVE-2021-35047 OS Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the component and neighboring Fidelis components.
network
low complexity
fidelissecurity CWE-78
8.8
2021-06-25 CVE-2021-35049 OS Command Injection vulnerability in Fidelissecurity Deception and Network
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface.
network
low complexity
fidelissecurity CWE-78
8.8
2021-06-23 CVE-2021-21809 OS Command Injection vulnerability in Moodle 3.10.0
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10.
network
low complexity
moodle CWE-78
critical
9.1
2021-06-21 CVE-2021-31769 OS Command Injection vulnerability in Myq-Solution MYQ Server
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory.
network
low complexity
myq-solution CWE-78
8.8
2021-06-16 CVE-2020-25755 OS Command Injection vulnerability in Enphase Envoy Firmware D4.0/R3.0
An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices.
network
low complexity
enphase CWE-78
8.8