Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-26 | CVE-2013-2512 | OS Command Injection vulnerability in Ftpd Project Ftpd 0.2.1 The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic. | 9.8 |
| 2021-01-26 | CVE-2021-3291 | OS Command Injection vulnerability in Zen-Cart ZEN Cart 1.5.7B Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command. | 7.2 |
| 2021-01-26 | CVE-2021-3190 | OS Command Injection vulnerability in Async-Git Project Async-Git The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. | 9.8 |
| 2021-01-26 | CVE-2020-36199 | OS Command Injection vulnerability in Kaspersky Tinycheck TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places. | 9.8 |
| 2021-01-26 | CVE-2020-35576 | OS Command Injection vulnerability in Tp-Link Tl-Wr841N Firmware A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. | 8.8 |
| 2021-01-26 | CVE-2020-27542 | OS Command Injection vulnerability in Company Cs-C2Shw Firmware 5.0.082.1 Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. | 6.8 |
| 2021-01-26 | CVE-2020-27298 | OS Command Injection vulnerability in Philips products Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). | 6.5 |
| 2021-01-26 | CVE-2020-23826 | OS Command Injection vulnerability in Assaabloy Yale Wipc-303W Firmware 2.21/2.31 The Yale WIPC-303W 2.21 through 2.31 camera is vulnerable to remote command execution (RCE) through command injection via the HTTP API. | 8.8 |
| 2021-01-22 | CVE-2020-12513 | OS Command Injection vulnerability in Pepperl-Fuchs products Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection. | 8.8 |
| 2021-01-20 | CVE-2021-1142 | OS Command Injection vulnerability in Cisco Smart Software Manager Satellite 5.1.0 Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. | 9.8 |